Yealink Device Management Platform Pre-authentication Remote Command Injection (CVE-2021-27561)

Binary data yealinkdevicemanagementplatformCVE-2021-27561.nbin...

PT-2024-32996 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC versions prior to 20240507 Description: A critical vulnerability exists in Ruijie RG-UAC. The manipulation of the name argument in an unknown function of the file /view/networkConfig/physicalInterface/interface commit.php leads ...

CVE-2024-4505

CVE-2024-4505 concerns Ruijie RG-UAC (up to 20240428). The issue is an OS command injection in the PHP file /view/IPV6/ipv6Addr/ip_addr_add_commit.php, triggered by manipulating the arguments prelen/ethname. It is exploitable remotely and has been publicly disclosed. Multiple sources (NVD, Red Ha...

PT-2024-31426 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found in Ruijie RG-UAC, affecting an unknown functionality of the file /view/IPV6/naborTable/add commit.php. The manipulation of the ip addr/mac addr argument leads to os...

PT-2024-31421 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found, allowing for OS command injection through the manipulation of the oldipmask, oldgateway, and olddevname arguments in an unknown function of the file...

VulnCheck KEV: CVE-2023-3608

A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2023-50217

D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2023-41201

D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

CVE-2023-41200

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit...

CVE-2023-34278

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

D-Link DAP-1325 安全漏洞

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

D-Link DAP-1325 安全漏洞

D-Link DAP-1325 is a wireless access point/bridge made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network to wireless network or connect different wireless networks. The D-Link DAP-1325 suffers from a Command Injection Remote Code...

D-Link DIR-X3260 安全漏洞

D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a command injection remote code execution vulnerability...

CVE-2024-3191

A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the...

CVE-2024-3193

A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclos...

CVE-2023-1000

A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotel...

CVE-2024-33343

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell...

RHEL 6 : foreman-proxy (RHSA-2014:0770)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0770 advisory. The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. A shell command...

CVE-2024-3908

A vulnerability classified as critical has been found in Tenda AC500 2.0.1.91307. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...