QNAP Systems QTS 操作系统命令注入漏洞

QNAP Systems QTS is an operating system used by China Weilian Technology QNAP Systems for entry to mid-level QNAP NAS. An operating system command injection vulnerability exists in QNAP Systems QTS version 4.3.6.2805 build 20240619 and prior versions, which stems from the inclusion of an operatin...

EMC AlphaStor Device Manager Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EMC AlphaStor Device Manager Arbitrary Command Execution', 'Description' = %q EMC AlphaStor Device Manager is prone to a remote command-injection...

CVE-2024-8213

A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is th...

CVE-2024-8210

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This...

CVE-2024-8127

The CVE-2024-8127 family affects D-Link NAS/DVR devices (DNS-120, DNR-202L, DNS-315L, DNS-320/320L/320LW/321, DNR-322L, DNS-323/325/326/327L, DNR-326, DNS-340L/343/345, DNS-726-4, DNS-1100-4, DNS-1200-05, DNS-1550-04) with a command-injection in the CGI unzip function of /cgi-bin/webfile_mgr.cgi ...

PT-2024-38822 · D Link · Dns-320L +18

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120 up to 20240814 D-Link DNR-202L up to 20240814 D-Link DNS-315L up to 20240814 D-Link DNS-320 up to 20240814 D-Link DNS-320L up to 20240814 D-Link DNS-320LW up to 20240814 D-Link DNS-321 up to 20240814 D-Link DNR-322L up to...

CVE-2024-8077

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this...

CVE-2024-7907

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.85220230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. T...

PT-2024-6467 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 20230719 Description: A critical issue has been found in the TOTOLINK X6000R, affecting the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to...

CVE-2024-7896

A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1ftpserver.php. The manipulation of the argument adrtxt leads to command injection. The attack ma...

CVE-2024-7579

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os...

PT-2024-7881 · D Link · D-Link Di-8003

Name of the Vulnerable Software and Affected Versions: D-Link DI-8003 version 16.07.16A1 Description: A critical issue has been identified, affecting the function upgrade filter asp of the file /upgrade filter.asp. The manipulation of the argument path leads to os command injection. This issue ca...

CVE-2024-7470

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpnconfigmod of the file /vpn/vpntemplatestyle.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os...

PT-2024-38350 · Vivotek · Vivotek Cc8160

Name of the Vulnerable Software and Affected Versions: Vivotek CC8160 VVTK-0100d affected versions not specified Description: A critical vulnerability affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY STRING leads to command injection. It is possible ...

CVE-2024-7029

Commands can be injected over the network and executed without authentication...

Horizon Business Services Caterease 安全漏洞

Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from improper neutralization of...

CVE-2024-7181

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...

CVE-2024-7181

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...

CVE-2024-7175

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated...

PT-2024-38137 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found that affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection...