3861 matches found

OSV
added 2023/10/21 7:15 a.m. · 3 views

CVE-2023-5684

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The...

CVSS 9.8 · AI score 5.5 · EPSS 0.78438
Exploits 1 · References 4

Prion
added 2023/10/21 7:15 a.m. · 22 views

Command injection

A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched...

CVSS 5.8 · AI score 9.7 · EPSS 0.78438
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/10/10 3:15 p.m. · 3 views

CVE-2023-30806

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

CVSS 9.8 · AI score 6.1 · EPSS 0.65799
Exploits 1 · References 3

VulnCheck KEV
added 2023/10/09 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2021-33552

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

CVSS 7.2 · AI score 7.3 · EPSS 0.47463
Exploits 4 · References 1

VulnCheck KEV
added 2023/10/09 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2021-33553

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

CVSS 7.2 · AI score 7.3 · EPSS 0.47463
Exploits 4 · References 1

OSV
added 2023/09/22 5:15 p.m. · 1 views

CVE-2023-41029

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint...

CVSS 8.8 · AI score 5.9 · EPSS 0.02204
Exploits 0 · References 1

OSV
added 2023/09/07 7:15 a.m. · 3 views

CVE-2023-38033

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special characters. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

CVSS 8.8 · AI score 6
Exploits 0 · References 1

Positive Technologies
added 2023/09/04 12:0 a.m. · 3 views

PT-2023-7492 · Asus · Asus Rt-Ac86U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AC86U affected versions not specified
Description: The issue is related to the insufficient filtering of special characters in the Traffic Analyzer legacy Statistic function of the ASUS RT-AC86U router. A remote attacker with regular...

CVSS 9 · AI score 8.9 · EPSS 0.01056
Exploits 0 · References 9

OSV
added 2023/09/01 8:15 p.m. · 4 views

CVE-2023-4711

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. Th...

CVSS 8.1 · AI score 5.1 · EPSS 0.05769
Exploits 1 · References 3

Malwarebytes
added 2023/08/29 2:30 p.m. · 39 views

FBI confirms Barracuda patch is not effective for exploited ESG appliances

In an FBI Flash about a Barracuda ESG vulnerability, listed as CVE-2023-2868, the FBI has stated that the patches released by Barracuda in response to this CVE were ineffective for anyone previously infected. Although both Barracuda and Mandiant have already made this determination, the agency sa...

CVSS 7.5 · AI score 7.1 · EPSS 0.86956
Exploits 3

OSV
added 2023/08/25 10:15 p.m. · 2 views

CVE-2023-4542

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The...

CVSS 9.8 · AI score 5.5
Exploits 0 · References 3

Positive Technologies
added 2023/08/25 12:0 a.m. · 5 views

PT-2023-4591 · D Link · D-Link Dar-8000-10

Name of the Vulnerable Software and Affected Versions: D-Link DAR-8000-10 up to 20230809
Description: A critical issue affects the file /app/sys1.php, where the manipulation of the cmd argument with the input id leads to os command injection. This can be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 7.2 · EPSS 0.86533
Exploits 1 · References 9

OSV
added 2023/08/18 4:15 p.m. · 2 views

CVE-2023-4414

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to command injection. The attack can be...

CVSS 9.8 · AI score 5.5 · EPSS 0.17766
Exploits 1 · References 4

CVE
added 2023/08/18 4:0 p.m. · 53 views

CVE-2023-4414

The CVE-2023-4414 entry concerns Byzoro/Beijing Baichuo Smart S85F Management Platform up to 20230807. Affected component: /log/decodmail.php. Issue: manipulation of the file argument leads to remote command injection. Impact is described as critical with high confidentiality, integrity, and avai...

CVSS 9.8 · AI score 7.5 · EPSS 0.17766
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/08/18 3:15 p.m. · 2 views

CVE-2023-4412

A vulnerability was found in TOTOLINK EX1200L ENV9.3.5u.6146B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The...

CVSS 9.8 · AI score 5.5 · EPSS 0.03342
Exploits 1 · References 3

OSV
added 2023/08/18 2:15 p.m. · 3 views

CVE-2023-4411

A vulnerability has been found in TOTOLINK EX1200L ENV9.3.5u.6146B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVSS 9.8 · AI score 5.5 · EPSS 0.04618
Exploits 1 · References 3

OSV
added 2023/08/18 2:15 p.m. · 2 views

CVE-2023-4410

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L ENV9.3.5u.6146B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may...

CVSS 9.8 · AI score 5.4 · EPSS 0.03342
Exploits 1 · References 3

Positive Technologies
added 2023/08/18 12:0 a.m. · 6 views

PT-2023-4624 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version EN V9.3.5u.6146 B20201023
Description: A critical issue has been found, affecting the setTracerouteCfg function, which can lead to os command injection. This can be exploited remotely. The issue is related to errors i...

CVSS 10 · AI score 8.1 · EPSS 0.04618
Exploits 1 · References 6

Positive Technologies
added 2023/08/18 12:0 a.m. · 4 views

PT-2023-29100 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200L version EN V9.3.5u.6146 B20201023
Description: A critical issue was found, affecting the setDiagnosisCfg function, which leads to os command injection. This can be initiated remotely.
Recommendations: For TOTOLINK EX1200L...

CVSS 9.8 · AI score 7.5 · EPSS 0.03342
Exploits 1 · References 4

The Hacker News
added 2023/07/24 9:10 a.m. · 178 views

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded...

CVSS 9.8 · AI score 7.9 · EPSS 0.89955
Exploits 20