1086 matches found
A vulnerability in the communication protocol implementation of ER2000 router firmware, related to the injection or modification of arguments, allows an attacker to execute arbitrary OS commands on devices.
A vulnerability in the communication protocol implementation of Connected IO router firmware involves the injection or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary OS commands on devices remotely...
CVE-2023-30801
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
CVE-2023-30801
CVE-2023-30801 affects qBittorrent up to version 4.5.5, where the web UI uses default credentials and admins are not forced to change them. A remote attacker could authenticate via the Web UI's external program feature and execute OS commands. Exploitation reports existed in the wild in March 202...
A vulnerability in the command-line interface of ArubaOS systems allows an attacker to execute arbitrary commands.
A vulnerability in the command-line interface of ArubaOS exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the TP-Link Archer A10 firmware arises from the failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary operating system commands.
A vulnerability in the TP-Link Archer A10 router firmware exists due to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary operating system commands...
CVE-2023-4092 SQL injection vulnerability in Fujitsu Arconte Áurea
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the...
Fujitsu Arconte Áurea SQL Injection Vulnerability
Fujitsu Arconte Áurea is a view recording system from Fujitsu Japan. A security vulnerability exists in Fujitsu Arconte Áurea versions prior to 1.5.0.0. An attacker could exploit the vulnerability to read sensitive data from the database, modify data (insert/update/delete), perform database...
CVE-2023-21521
An SQL injection vulnerability in the Management Console Operator Audit Trail of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (insert/update/delete), execute administration operations on the database, recover the...
CVE-2023-39224
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7JPV2230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided...
CVE-2023-38588
Archer C3150 firmware versions prior to 'Archer C3150JPV2230511' allow a network-adjacent authenticated attacker to execute arbitrary OS commands...
TP-LINK Archer C2 Authorization Issues Vulnerability
The TP-LINK Archer C2 is a wireless router from China P&L TP-LINK. A security vulnerability exists in versions prior to Archer C20 V1230616, which stems from the presence of an incorrect authentication vulnerability that allows network-adjacent, unauthenticated attackers to execute arbitrary...
CVE-2023-4310
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute...
Command injection
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute...
A vulnerability in the firmware of PHOENIX CONTACT WP 6xxx web panels for controlling and monitoring processes in industrial systems exists due to the failure to neutralize special elements used in operating system commands. This vulnerability allows an attacker to execute arbitrary code.
A vulnerability in the firmware of web panels for controlling and monitoring processes in industrial systems exists due to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execut...