17 matches found
Xiongmai DVR/NVR OS Command Injection Vulnerability
Xiongmai DVR/NVR is an embedded system and control platform developed by Xiongmai Corporation, used for video surveillance devices. Version 4.03.R11 of Xiongmai DVR/NVR contains a vulnerability related to operating system command injection. This vulnerability stems from the shell metacharacter in...
CVE-2026-20764
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...
CVE-2026-20764 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...
CVE-2025-34233
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a protection mechanism failure vulnerability within the filegetcontents function. When an administrator configures a printer’s hostname or...
CVE-2025-8830
The CVE-2025-8830 issue affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 devices up to 20250801. It centers on the function sub_3517C in /goform/setWan, where manipulating the Hostname argument leads to an OS command injection. The vulnerability can be triggered remotely and has had publ...
Cross-site Scripting (XSS)
Overview: webssh is a web-based SSH client. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Login Page when user-supplied input in the hostname or port parameters is not properly sanitised. An attacker can inject and execute arbitrary JavaScript code in the...
Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution
Vulnerability Details. Affected Vendor: Schneider Electric; Affected Product: EcoStruxure IT Data Center Expert; Affected Version: 8.3 and prior; Platform: CentOS; CWE Classification: CWE-1286: Improper Validation of Syntactic Correctness of Input, CWE-94: Improper Control of Generation of Code 'Code...
D-Link DIR-600L Security Vulnerability
The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that stems from the formSetWanL2TP function parameter host failing to proper...
D-Link DWR-M961 Security Vulnerability
The D-Link DWR-M961 is a router from China-based AUO D-Link. The D-Link DWR-M961 suffers from a buffer overflow vulnerability that originates from the parameter Hostname in the file /boafrm/formStaticDHCP that fails to properly validate the length of the input data, which can be exploited by an...
CVE-2019-6697
An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site...
CVE-2023-51731
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interfac...
CVE-2022-44794
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...
Object First Security Vulnerability
Object First is a Veeam best-of-breed storage solution from Object First. A security vulnerability exists in Object First version 1.0.7.712, which stems from the command to set the hostname not validating the input parameters, resulting in arbitrary data that can be directed to the Bash...
CVE-2021-40222
Rittal CMC PU III Web management (Version affected: V3.11.002. Version fixed: V3.17.10) is affected by a remote code execution vulnerability. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitiz...
UBUNTU-CVE-2016-0634
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine...
[oss-security] OpenFiler - Arbitrary Code Execution & Stored XSS
hi, Multiple vulnerabilities were discovered in the latest version of OpenFiler appliance, 2.99.1 as reported here https://forums.openfiler.com/index.php?/topic/6720-arbitrary-code-execution-stored-xss-vulnerability-in-openfiler-latest-version-2991/, here http://www.exploit-db.com/exploits/33247 a...
CVE-1999-1389
US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt...