19616 matches found

CNNVD
added 2025/01/10 12:0 a.m. · 5 views

Linksys E7350 Security Vulnerability

The Linksys E7350 is a wireless router device from Leadsys. A security vulnerability exists in the handling of the ifname parameter in the Linksys E7350 apclicancelwps function, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...

6.3 CVSS · 7.1 AI score · 0.00794 EPSS
Exploits: 1 · References: 1
CNNVD
added 2025/01/10 12:0 a.m. · 5 views

NETGEAR DGN1000 Access Control Error Vulnerability

The NETGEAR DGN1000 is a wireless router from NETGEAR for home and small office networking. An authentication bypass vulnerability exists in the NETGEAR DGN1000 prior to version 1.1.00.48. An attacker can exploit this vulnerability to take full control of the device by sending a constructed HTTP...

9.8 CVSS · 9.2 AI score · 0.28986 EPSS
Exploits: 1 · References: 5
CNNVD
added 2025/01/10 12:0 a.m. · 4 views

TOTOLINK A6000R Security Vulnerability

The TOTOLINK A6000R is a high-performance wireless router that utilizes advanced technology and design to provide users with an outstanding networking experience. A security vulnerability exists in the handling of the opmode parameter in the TOTOLINK A6000R actionreboot function, which can be...

5.1 CVSS · 7.2 AI score · 0.0074 EPSS
Exploits: 1 · References: 1
CVE
added 2025/01/09 12:0 a.m. · 54 views

CVE-2023-28354

An issue in Opsview Monitor Agent 6.8 allows an unauthenticated remote attacker to call NRPE via check_nrpe and escape NRPE plugin execution by sending command control characters, enabling remote execution of commands on the target as NT_AUTHORITY\SYSTEM. This is documented in multiple sources (N...

9.8 CVSS · 8.1 AI score · 0.0116 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/09 12:0 a.m. · 4 views

CVE-2023-28354

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...

7.8 AI score · 0.0116 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/01/09 12:0 a.m. · 2 views

Opsview Monitor Agent Security Vulnerability

Opsview Monitor Agent is a monitoring platform agent program from Opsview. A security vulnerability exists in Opsview Monitor Agent version 0.3.9.700 2022-09-28 and earlier, which stems from the ability of an unauthenticated remote attacker to invoke the check_nrpe specified plug-in, which allows...

9.8 CVSS · 7.4 AI score · 0.0116 EPSS
Exploits: 0 · References: 2
Oracle linux
added 2025/01/09 12:0 a.m. · 151 views

cups security update

1:2.2.6-62 - RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file...

8.6 CVSS · 7.8 AI score · 0.73062 EPSS
Exploits: 5
BDU FSTEC
added 2025/01/09 12:0 a.m. · 6 views

The vulnerability of the hnap_main() function in D-LINK DIR-806 wireless router software allows a hacker to execute arbitrary commands, gain unauthorized access to protected information, or cause service failures.

The vulnerability of the hnap_main function in D-LINK DIR-806 wireless routers is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely, gain unauthorized...

10 CVSS · 8.3 AI score · 0.19442 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2025/01/09 12:0 a.m. · 6 views

PT-2025-1386 · Opsview · Opsview Monitor Agent

Name of the Vulnerable Software and Affected Versions: Opsview Monitor Agent version 6.8 Description: A problem was discovered in Opsview Monitor Agent where an unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins. In default installations,...

9.8 CVSS · 8 AI score · 0.0116 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2025/01/09 12:0 a.m. · 31 views

RHEL 8 : cups (RHSA-2025:0083)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0083 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd:...

9.8 CVSS · 7.4 AI score · 0.73062 EPSS
Exploits: 5 · References: 6
Positive Technologies
added 2025/01/09 12:0 a.m. · 4 views

PT-2025-3384 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version V9.1.0cu.2350 B20230313 Description: The issue is related to the setVpnAccountCfg function, specifically the /web/cgi-bin/cstecgi.cgi endpoint, where the desc parameter is not properly sanitized, allowing an attacker t...

10 CVSS · 9.6 AI score · 0.01573 EPSS
Exploits: 1 · References: 7
RedHat Linux
added 2025/01/08 12:3 p.m. · 171 views

Low: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS · 7.1 AI score · 0.73062 EPSS
Exploits: 5 · References: 3
RedHat Linux
added 2025/01/08 12:3 p.m. · 5 views

cups: libppd: remote command injection via attacker controlled data in PPD file

A security vulnerability was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer...

9.8 CVSS · 5.9 AI score · 0.73062 EPSS
Exploits: 5 · References: 7
Tenable Nessus
added 2025/01/08 12:0 a.m. · 18 views

AlmaLinux 8 : cups (ALSA-2025:0083)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:0083 advisory. cups: libppd: remote command injection via attacker controlled data in PPD file CVE-2024-47175 Tenable has extracted the preceding description block directly from...

9.8 CVSS · 7.3 AI score · 0.73062 EPSS
Exploits: 5 · References: 3
OSV
added 2025/01/08 12:0 a.m. · 17 views

ALSA-2025:0083 Low: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file CVE-2024-47175 For more details about the security issues, including the impact, ...

9.8 CVSS · 7.7 AI score · 0.73062 EPSS
Exploits: 5 · References: 4
AlmaLinux
added 2025/01/08 12:0 a.m. · 12 views

Low: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file CVE-2024-47175 For more details about the security issues, including the impact, ...

9.8 CVSS · 7.7 AI score · 0.73062 EPSS
Exploits: 5 · References: 4
NVD
added 2025/01/07 6:15 p.m. · 11 views

CVE-2024-54007

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands as a privileged...

7.2 CVSS · 0.0155 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/01/07 5:12 p.m. · 14 views

CVE-2024-54006 Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands as a privileged...

7.2 CVSS · 0.0155 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/07 5:12 p.m. · 4 views

CVE-2024-54006 Authenticated Remote Command Injection Vulnerability in the Web Interface of a 501 Wireless Client Bridge

Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities results in the ability of an attacker to execute arbitrary commands as a privileged...

7.2 CVSS · 7.7 AI score · 0.0155 EPSS
Exploits: 0 · References: 1
CVE
added 2025/01/07 5:12 p.m. · 74 views

CVE-2024-54006

CVE-2024-54006 affects the Hewlett Packard Enterprise 501 Wireless Client Bridge web interface. Multiple command-injection vulnerabilities allow authenticated remote command execution, enabling an attacker with administrative credentials to run arbitrary commands as a privileged OS user. The CVSS...

7.2 CVSS · 7.7 AI score · 0.0155 EPSS
In wild · Exploits: 0 · References: 1