656 matches found
CVE-2022-23770
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
The vulnerability in the web management interface of the firmware of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers allows an attacker to execute arbitrary commands or cause service failures.
The vulnerability in the web management interface of the firmware of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers arises from the copying of buffers without checking the size of the input data during the processing of user fields in incoming HTTP packets. Exploiting...
UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions
Overview: Multiple digital video recorders provided by UNIMO Technology Co., Ltd do not perform authentication for some critical functions (CWE-306) in the device management web interface. The reporter states that attacks exploiting this vulnerability have been observed. Yoshiki Mori, Ushimaru Hayat...
CVE-2019-25071
A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been...
Design/Logic Flaw
A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been...
Kaseya VSA SQL Injection Vulnerability
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database...
Aruba ClearPass Policy Manager Remote Command Injection Vulnerability (CNVD-2022-55530)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A remote command injection vulnerability is present in Aruba ClearPass Policy Manager versions 6.10.4 and earlier, 6.9.9 and earlier, and 6.8.9-HF2 and earlier...
NewStart CGSL MAIN 6.02 : p11-kit Multiple Vulnerabilities (NS-SA-2022-0066)
The remote NewStart CGSL host, running version MAIN 6.02, has p11-kit packages installed that are affected by multiple vulnerabilities: - An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in the lack of authentication for critical functions, which allows a malicious actor to disable certain services.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to disable certain services by sending specially crafted commands remote...
CVE-2022-25247
Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and...
CVE-2022-27001
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
PTC Axeda agent Path Traversal Vulnerability
PTC Axeda agent is an agent software from PTC. A security vulnerability exists in PTC Axeda agent that allows an attacker to send specific commands to specific ports without authentication. Successful exploitation of this vulnerability could allow a remote, unauthenticated attacker to shut down...
The vulnerability of the embedded software of NETGEAR’s routers such as R8000, RAX200, R8000P, R7900P, RBR850, RBS850, and RBK852 lies in the lack of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of the embedded software of NETGEAR routers such as R8000, RAX200, R8000P, R7900P, RBR850, RBS850, and RBK852 lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
PT-2022-11934 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 7.0.1-42218-2. Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection, in the Log Management functionality. This...
The vulnerability of NETGEAR’s Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient cleaning of input data. This allows attackers to execute arbitrary commands.
The vulnerability of the firmware of NETGEAR Wi-Fi routers such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
CVE-2021-33965
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/setZRMesh which receives parameters by POST request, and the parameters meshenable and meshdevice have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
Command injection
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/setZRMesh which receives parameters by POST request, and the parameters meshenable and meshdevice have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
CVE-2021-33964
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/setfirewalllevel which receives parameters by POST request, and the parameter firewalllevel has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...