CVE-2023-38025

SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service...

Zyxel NBG6604 Command Injection Vulnerability (CNVD-2023-64085)

The Zyxel NBG6604 is a dual-band wireless router from China's Hopkins Zyxel. The Zyxel NBG6604 V1.01ABIR.1C0 suffers from a command injection vulnerability that stems from a failure to properly filter constructed command special characters, commands, etc. in the NTP function. An attacker can...

CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

CVE-2023-3264

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVE-2023-3262

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVE-2023-3264

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVE-2023-3262

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or...

CVE-2023-38641

A vulnerability has been identified in SICAM TOOLBOX II All versions V07.10. The affected application's database service is executed as NT AUTHORITY\SYSTEM. This could allow a local attacker to execute operating system commands with elevated privileges...

The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems from PHOENIX CONTACTs WP 6xxx exists due to the lack of measures taken to neutralize special elements used in the operating system command. This vulnerability allows a intruder to gain unauthorized access to the device.

The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems exists due to the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability can allow a malicious actor,...

CVE-2023-33378

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices...

Connected IO Operating System Command Injection Vulnerability

Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability previously existed in Connected IO version v2.1.0 that stemmed from having a command as part of its communication protocol that allowed the...

Connected IO Parameter Injection Vulnerability

Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the iptables command in the...

Design/Logic Flaw

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

Suprema BioStar 2 Operating System Command Injection Vulnerability

Suprema BioStar 2 is a web-based biometric security smart lock platform from Suprema Korea. A security vulnerability exists in Suprema BioStar 2 versions prior to V2.9.1, which stems from a vulnerability that allows an authenticated user to execute arbitrary operating system commands on the BioSt...

The vulnerability of Cisco BroadWorks server software arises from the lack of measures taken to neutralize specific elements, allowing attackers to elevate their privileges to the root level.

The vulnerability of Cisco BroadWorks server software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability can allow attackers to elevate their privileges to the root level...

PT-2023-4177 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.6.0 Description: The issue exists due to the failure to neutralize special elements used in an operating system command. This could allow an attacker to execute arbitrary commands or cause a denial of service. The...

The vulnerability of the access point management function in microprogrammed software for Zyxel USG FLEX, USG FLEX 50(W), USG20(W)-VPN, ATP, and VPN allows a hacker to execute arbitrary commands.

The vulnerability of the access point management function in Zyxel USG FLEX, USG FLEX 50W, USG20W-VPN, ATP, and VPN software for network devices is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...

The vulnerability of the Free Time WiFi Hotspot function in the microprogrammed networking devices of Zyxel USG FLEX and VPN allows a intruder to execute arbitrary commands.

The vulnerability of the Free Time WiFi Hotspot function in the microprogrammed networking devices of Zyxel USG FLEX and VPN relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execut...

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...

Zyxel USG FLEX 操作系统命令注入漏洞

Zyxel USG FLEX is a firewall from China Hopkins Zyxel. It provides flexible VPN options IPsec, SSL or L2TP to provide flexible and secure remote access for remote work and management. A security vulnerability exists in the Zyxel USG FLEX that stems from a command injection in the Free Time WiFi...