Lucene search

744 matches found

CVE
added 2023/05/26 12:0 a.m. · 69 views

CVE-2023-2817

The CVE-2023-2817 issue is a post-authentication stored cross-site scripting vulnerability in Craft CMS versions up to 4.4.11. It allows HTML/script injection in field names, which triggers when those fields are added to a category or section and visited on Categories/Entries pages. Several conne...

5.4 CVSS · 5 AI score · 0.00444 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/05/26 12:0 a.m. · 20 views

CVE-2023-2817

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively...

5.3 AI score · 0.00444 EPSS
Exploits 0 · References 2
Packet Storm
added 2023/05/02 12:0 a.m. · 262 views

Fortigate 7.0.1 Stack Overflow

c@ubuntu:/LABS$ cat fp17.py !/usr/bin/env python3 fortigate 7.0.1 postauth stack overflow 0day more: https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html Pid: 00243, application: newcli, Firmware: FortiGate-VM64 v7.0.1,build0157b0157,210714 GA Release, Signal 6 received, Backtrace:...

6.9 AI score
Exploits 0
OSV
added 2023/05/01 5:15 p.m. · 1 views

CVE-2023-22919

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01ABIR.0C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...

8.8 CVSS · 7.4 AI score · 0.01647 EPSS
Exploits 0 · References 1
NVD
added 2023/05/01 5:15 p.m. · 10 views

CVE-2023-22919

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01ABIR.0C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...

8.8 CVSS · 8.9 AI score · 0.01647 EPSS
Exploits 0 · References 1
Prion
added 2023/05/01 5:15 p.m. · 17 views

Command injection

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01ABIR.0C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...

6.5 CVSS · 8.8 AI score · 0.01647 EPSS
Exploits 0 · References 1 · Affected Software 1
The Hacker News
added 2023/04/28 11:41 a.m. · 4 views

Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security...

9.8 CVSS · 9.6 AI score · 0.99284 EPSS
Exploits 8
OSV
added 2023/04/24 6:15 p.m. · 1 views

CVE-2023-22918

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, VPN series...

6.5 CVSS · 6.9 AI score · 0.00771 EPSS
Exploits 0 · References 1
OSV
added 2023/04/24 6:15 p.m. · 4 views

CVE-2023-27991

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...

8.8 CVSS · 7.6 AI score · 0.01508 EPSS
Exploits 0 · References 1
NVD
added 2023/04/24 6:15 p.m. · 17 views

CVE-2023-27991

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...

8.8 CVSS · 9 AI score · 0.01508 EPSS
Exploits 0 · References 1
Cvelist
added 2023/04/24 12:0 a.m. · 28 views

CVE-2023-22913

A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...

8.1 CVSS · 8.2 AI score · 0.01291 EPSS
Exploits 0 · References 1
OSV
added 2023/04/21 4:15 p.m. · 1 views

CVE-2023-2141

An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution...

8.8 CVSS · 7.5 AI score · 0.01044 EPSS
Exploits 0 · References 1
Cvelist
added 2023/04/21 3:48 p.m. · 15 views

CVE-2023-2141 Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022

An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution...

8.5 CVSS · 9.1 AI score · 0.01044 EPSS
Exploits 0 · References 1
CVE
added 2023/04/21 3:48 p.m. · 45 views

CVE-2023-2141

CVE-2023-2141 concerns an unsafe .NET object deserialization in DELMIA Apriso (2017–2022) that could lead to post-authentication remote code execution. Root cause: deserialization of untrusted .NET objects in the affected DELMIA Apriso releases. Impact is described as remote code execution with h...

8.8 CVSS · 8.9 AI score · 0.01044 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/04/21 12:0 a.m. · 4 views

PT-2023-18182 · Dassault Systèmes · Delmia Apriso

Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions 2017 through 2022 Description: An unsafe .NET object deserialization could lead to post-authentication remote code execution. Recommendations: For DELMIA Apriso versions 2017 through 2022, update to a version that fixes...

8.8 CVSS · 9 AI score · 0.01044 EPSS
Exploits 0 · References 5
OSV
added 2023/04/04 10:15 a.m. · 2 views

CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code...

7.2 CVSS · 7.3 AI score · 0.01819 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/03/28 12:0 a.m. · 3 views

PT-2023-2216 · Sophos · Sophos Web Appliance

Name of the Vulnerable Software and Affected Versions: Sophos Web Appliance versions prior to 4.3.10.4 Description: A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance allows administrators to execute arbitrary code. The vulnerability is related to the...

8.5 CVSS · 8.4 AI score · 0.01819 EPSS
Exploits 0 · References 8
NVD
added 2023/03/25 9:15 p.m. · 12 views

CVE-2023-1456

A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been...

9.8 CVSS · 8.2 AI score · 0.01888 EPSS
Exploits 0 · References 2
Prion
added 2023/03/25 9:15 p.m. · 24 views

Command injection

A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been...

7.5 CVSS · 9.8 AI score · 0.01888 EPSS
Exploits 0 · References 2 · Affected Software 1
SUSE CVE
added 2023/02/15 4:47 a.m. · 2 views

SUSE CVE-2017-7692

SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...

9 CVSS · 9.4 AI score · 0.32156 EPSS
Exploits 7 · References 3