1086 matches found

CNNVD
added 2023/12/14 12:00 a.m. · 3 views

Dell Virtual Appliance Manager OS Command Injection Vulnerability

Dell Virtual Appliance Manager is a virtual appliance manager from Dell USA. A command injection vulnerability exists in Dell Virtual Appliance Manager, which can be exploited by an attacker to cause arbitrary operating system commands to be executed on an affected system...

CVSS 7.2 · AI score 7.7 · EPSS 0.01732
Exploits 0 · References 2

BDU FSTEC
added 2023/12/14 12:00 a.m. · 7 views

A vulnerability in the sub_4119A0 function of the TOTOLINK X6000R router firmware allows an attacker to execute arbitrary code.

The vulnerability in the sub_4119A0 function of shttpd in the TOTOLINK X6000R router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8.1 · EPSS 0.01536
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2023/12/14 12:00 a.m. · 3 views

A vulnerability in the firmware of the FXC AE1021 and FXC AE1021PE routers stems from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability in the firmware of the FXC AE1021 and FXC AE1021PE routers exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 8 · AI score 8.1 · EPSS 0.50729
Exploits 1 · References 6 · Affected Software 2

BDU FSTEC
added 2023/12/14 12:00 a.m. · 5 views

A vulnerability in the sub_4119A0 function of the TOTOLINK X6000R router firmware allows an attacker to execute arbitrary code.

The vulnerability in the sub_4119A0 function of shttpd in the TOTOLINK X6000R router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8.1 · EPSS 0.01536
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2023/12/14 12:00 a.m. · 6 views

A vulnerability in the sub_4119A0 function of the TOTOLINK X6000R router firmware allows an attacker to execute arbitrary code.

The vulnerability in the sub_4119A0 function of shttpd in the TOTOLINK X6000R router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8.1 · EPSS 0.01536
Exploits 1 · References 2 · Affected Software 1

NVD
added 2023/11/30 2:15 a.m. · 16 views

CVE-2023-37928

A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable devic...

CVSS 8.8 · EPSS 0.602
Exploits 0 · References 2

Prion
added 2023/11/30 2:15 a.m. · 22 views

Command injection

A command injection vulnerability in the “showzysyncservercontents” function of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request...

CVSS 7.5 · AI score 8.3 · EPSS 0.39998
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2023/11/30 1:45 a.m. · 34 views

CVE-2023-4474

The improper neutralization of special elements in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...

CVSS 9.8 · AI score 9.8 · EPSS 0.2974
Exploits 0 · References 2

Vulnrichment
added 2023/11/30 1:40 a.m. · 12 views

CVE-2023-4473

A command injection vulnerability in the web server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...

CVSS 9.8 · AI score 8 · EPSS 0.41348
Exploits 0 · References 2

Cvelist
added 2023/11/30 1:34 a.m. · 22 views

CVE-2023-37927

The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...

CVSS 8.8 · AI score 8.9 · EPSS 0.01752
Exploits 0 · References 2

Cvelist
added 2023/11/30 1:30 a.m. · 28 views

CVE-2023-35138

A command injection vulnerability in the “showzysyncservercontents” function of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request...

CVSS 9.8 · AI score 10 · EPSS 0.39998
Exploits 0 · References 1

Positive Technologies
added 2023/11/30 12:00 a.m. · 1 view

PT-2023-7333 · Zyxel · Zyxel Nas326 +1

Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 version V5.21AAZF.14C0; Zyxel NAS542 version V5.21ABAG.11C0. Description: The issue arises from the improper neutralization of special elements in the WSGI server, allowing an unauthenticated attacker to execute some operating syst...

CVSS 10 · AI score 9.8 · EPSS 0.41348
Exploits 0 · References 14

CNNVD
added 2023/11/16 12:00 a.m. · 2 views

Ray Operating System Command Injection Vulnerability

Ray is a unified framework for scaling AI and Python applications, open-sourced by ray-project. Ray has an OS command injection vulnerability in the cpuprofile URL parameter. An attacker can exploit this vulnerability to run the Ray...

CVSS 9.8 · AI score 7.9 · EPSS 0.7463
Exploits 15 · References 4

BDU FSTEC
added 2023/11/09 12:00 a.m. · 5 views

A vulnerability in the firmware of the INEA ME RTU remote terminal unit stems from a failure to neutralize special elements used in operating system commands. This allows an attacker to execute arbitrary operating system commands.

The vulnerability in the firmware of the INEA ME RTU remote terminal unit exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands...

CVSS 9.9 · AI score 8.1 · EPSS 0.01698
Exploits 0 · References 4 · Affected Software 1

Prion
added 2023/11/07 7:15 p.m. · 20 views

Design/Logic Flaw

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...

CVSS 5.8 · AI score 8.1 · EPSS 0.01538
Exploits 1 · References 1 · Affected Software 1

OSV
added 2023/11/07 6:56 p.m. · 30 views

CVE-2023-46253 Remote code execution in Squidex

Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the squidex.admin.restore...

CVSS 9.1 · AI score 7.7 · EPSS 0.01538
Exploits 1 · References 3

Positive Technologies
added 2023/11/01 12:00 a.m. · 3 views

PT-2023-7573 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center (FMC) Software, affected versions not specified. Description: The issue exists due to insufficient validation of user-supplied input for certain configuration options in the web-based management interface of Cisc...

CVSS 9 · AI score 7.8 · EPSS 0.01073
Exploits 0 · References 5

ATTACKERKB
added 2023/10/26 3:15 p.m. · 4 views

CVE-2023-45869

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

CVSS 9 · AI score 6.1 · EPSS 0.00765
Exploits 1 · References 3

Cvelist
added 2023/10/26 12:00 a.m. · 16 views

CVE-2023-45869

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

CVSS 9 · AI score 9.1 · EPSS 0.00765
Exploits 1 · References 2

Vulnrichment
added 2023/10/26 12:00 a.m. · 22 views

CVE-2023-45869

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...

CVSS 9 · AI score 6.8 · EPSS 0.00765
Exploits 1 · References 2