3861 matches found
CVE-2024-25998
An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation...
CVE-2024-2352
1Panel up to 1.10.1-lts is affected by CVE-2024-2352 via command injection in the function baseApi.UpdateDeviceSwap (file /api/v1/toolbox/device/update/swap). The issue arises from untrusted input in the Path argument (example: 123123123\nopen -a Calculator), which can be exploited remotely. Publ...
PT-2024-2010 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: Totolink X6000R version 9.4.0cu.852 20230719 Description: A critical issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Remote Command Injection A py...
PT-2024-9318 · NetGear · Netgear R7000
Name of the Vulnerable Software and Affected Versions: Netgear R7000 version 1.0.11.136 Description: The issue is related to a Command Injection vulnerability in the RMT invite.cgi script, specifically via the device name2 parameter. This vulnerability can be exploited by a remote attacker to...
CVE-2023-32462
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system...
CVE-2024-22093
The CVE-2024-22093 issue affects BIG-IP in Appliance mode where an authenticated attacker can exploit an undisclosed iControl REST endpoint to perform remote command injection and cross the security boundary. Affected versions include BIG-IP Next/BIG-IP (all modules) on 17.x with fixes in 17.1.1,...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in the F5 BIG-IP that stems from a remote command injection vulnerability in the iControl REST endpoint on a...
PT-2024-19202 · Icontrol · Icontrol
The issue is related to an authenticated remote command injection in an undisclosed iControl REST endpoint on multi-bladed systems when running in appliance mode. A successful exploit can allow the attacker to cross a security boundary. The affected software is iControl, but the specific versions...
VulnCheck KEV: CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
CVE-2023-46359
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier may allow an unauthenticated remote attacker to execute arbitrary commands on the system via specifically crafted arguments passed to the connectivity check feature...
CVE-2024-1115
A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit h...
Buffalo LS210D Security Vulnerability
Buffalo LS210D is a hard disk drive from Buffalo Japan. A security vulnerability exists in the Buffalo LS210D version 1.78-0.03. A remote attacker can exploit this vulnerability to inject arbitrary commands into the NAS as root...
PT-2024-15962 · Unknown · Asterisk-Cli +1
Name of the Vulnerable Software and Affected Versions: Issabel PBX version 4.0.0 Description: A critical issue affects the processing of the file /index.php?menu=asterisk cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be...
CVE-2024-0919
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function dosetNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely...
CVE-2024-0918
A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploi...
Command Injection
Nginx-ui is vulnerable to Remote Command Injection. The vulnerability is caused by a lack of proper authorization checks in the SaveSettings function. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure...
Siemens CP-8031 Security Vulnerability
The SICAM A8000 RTU (remote terminal unit) series is a modular family of devices for remote control and automation applications in all areas of energy supply. A command injection vulnerability exists in the Siemens CPCI85 Firmware of SICAM A8000 Devices, which can be exploited by an authenticated,...
Exploit for CVE-2022-36267
CVE-2022-36267 - Airspan AirSpot 5410 Unauthenticated Remote C...
CVE-2024-0297
A vulnerability was found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The...