
19622 matches found

BDU FSTEC
added 2024/11/18 12:0 a.m. | 4 views

The vulnerability of the SSH and Telnet protocol implementations of the D-Link DSL6740C modem’s microprogramming software allows an intruder to execute arbitrary commands.

The vulnerability of SSH and Telnet protocols implemented by the microprogramming software of the D-Link DSL6740C modem lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute...

9 CVSS | 5.9 AI score | 0.01325 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2024/11/18 12:0 a.m. | 3 views

The vulnerability of the SetNetworkTomographySettings() function in D-Link DIR-823G router’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the SetNetworkTomographySettings function in D-Link DIR-823G router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the Address parameter. Exploiting this vulnerability allows a...

8.8 CVSS | 7.6 AI score | 0.01417 EPSS
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2024/11/18 12:0 a.m. | 5 views

The vulnerability in the web interface for managing Ethernet switches of Palo Alto Networks, which is controlled by the PAN-OS operating system, allows a perpetrator to execute arbitrary commands.

The vulnerability of the Web interface for managing Ethernet switches in Palo Alto Networks, which is controlled by the PAN-OS operating system, stems from the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a...

10 CVSS | 8.2 AI score | 0.99698 EPSS
Exploits 18 | References 4 | Affected Software 1

BDU FSTEC
added 2024/11/17 12:0 a.m. | 4 views

The vulnerability of the SSH and Telnet protocol implementations of the D-Link DSL6740C modem’s microprogramming software allows an intruder to execute arbitrary commands.

The vulnerability of the SSH and Telnet protocols implemented by the D-Link DSL6740C modem’s microprogramming system exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...

9 CVSS | 5.8 AI score | 0.01325 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2024/11/17 12:0 a.m. | 5 views

The vulnerability of the microprogrammed software of the D-Link DSL6740C modem, related to the lack of measures to neutralize special elements, allows a violator to execute arbitrary commands.

The vulnerability of the D-Link DSL6740C modem’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to remotely inject and execute arbitrary system...

9 CVSS | 5.8 AI score | 0.01799 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2024/11/17 12:0 a.m. | 3 views

The vulnerability of the CGI microprogramming interface of Zyxel’s GS1900 series routers allows attackers to execute arbitrary commands.

The vulnerability of the CGI microprogramming interface of Zyxel routers series GS1900 is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

7.7 CVSS | 5.9 AI score | 0.0068 EPSS
Exploits 0 | References 2

OSV
added 2024/11/15 4:15 p.m. | 3 views

CVE-2023-20036

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...

9.9 CVSS | 6.3 AI score | 0.1272 EPSS
Exploits 0 | References 1

EUVD
added 2024/11/15 3:21 p.m. | 4 views

EUVD-2023-24215

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...

9.9 CVSS | 9.7 AI score | 0.1272 EPSS
Exploits 0 | References 1

Rapid7 Blog
added 2024/11/15 12:44 p.m. | 41 views

Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces

On Friday, November 8, 2024, cybersecurity firm Palo Alto Networks (PAN) published a bulletin (PAN-SA-2024-0015) advising firewall customers to take steps to secure their firewall management interfaces amid unverified rumors of a possible new vulnerability. Rapid7 threat intelligence teams have also...

5.9 CVSS | 8.2 AI score | 0.99698 EPSS
Exploits 18

NVD
added 2024/11/15 11:15 a.m. | 20 views

CVE-2022-1884

A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

10 CVSS | 0.01774 EPSS
Exploits 1 | References 1

OSV
added 2024/11/15 11:15 a.m. | 8 views

CVE-2022-1884

A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

9.8 CVSS | 7 AI score
Exploits 0 | References 1

EUVD
added 2024/11/15 10:53 a.m. | 6 views

EUVD-2022-6003

A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

10 CVSS | 9.5 AI score | 0.01774 EPSS
Exploits 1 | References 9

Cvelist
added 2024/11/15 10:53 a.m. | 302 views

CVE-2022-1884 Remote Command Execution in gogs/gogs

A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

10 CVSS | 0.01774 EPSS
Exploits 1 | References 1

Vulnrichment
added 2024/11/15 10:53 a.m. | 15 views

CVE-2022-1884 Remote Command Execution in gogs/gogs

A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

10 CVSS | 7.1 AI score | 0.01774 EPSS
Exploits 1 | References 1

CNNVD
added 2024/11/15 12:0 a.m. | 5 views

GeoVision EOL operating system command injection vulnerability

GeoVision EOL is a series of surveillance devices from the Chinese company GeoVision. GeoVision EOL suffers from an operating system command injection vulnerability that originates from an unauthenticated, remote attacker being able to inject and execute arbitrary system commands on the device...

9.8 CVSS | 9.8 AI score | 0.28554 EPSS
Exploits 1 | References 2

CNNVD
added 2024/11/15 12:0 a.m. | 3 views

Synology BeePhotos operating system command injection vulnerability

Synology BeePhotos is a photo backup program from China-based Synology Inc. The operating system command injection vulnerability exists in Synology BeePhotos versions prior to 1.0.2-10026 and 1.1.0-10053, which stems from improper neutralization of a special element in the Task Manager component,...

9.8 CVSS | 9.4 AI score | 0.2838 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2024/11/15 12:0 a.m. | 13 views

CVE-2024-11120

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received relat...

9.8 CVSS | 10 AI score | 0.28554 EPSS
In wild | Exploits 1 | References 3

Saint
added 2024/11/15 12:0 a.m. | 101 views

FortiManager fgfmd remote command execution

Added: 11/15/2024. Background: FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem: Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution: Upgrade to FortiManager...

8.3 AI score
Exploits 0

BDU FSTEC
added 2024/11/15 12:0 a.m. | 4 views

The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact CHARX SEC-3100 allows an intruder to execute arbitrary commands.

The vulnerability of the OCPP microprogramming software for modular control devices for DC charging stations and wall-mounted charging devices from Phoenix Contact’s CHARX SEC-3100 exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor t...

7.5 CVSS | 7.5 AI score | 0.0147 EPSS
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2024/11/15 12:0 a.m. | 6 views

The vulnerability of the vif_disable function in the microprogramming software of the TOTOLINK A6000R router allows a hacker to execute arbitrary commands.

The vulnerability of the vif_disable function in the microprogramming software of the TOTOLINK A6000R router exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

7.7 CVSS | 5.9 AI score | 0.02083 EPSS
Exploits 1 | References 4 | Affected Software 1