
19622 matches found

OSV
added 2024/10/30 6:55 p.m. · 5 views

MAL-2024-12287 Malicious code in hmac2 (PyPI)

Source: kam193 055915f62eab8a5fe37b7501a3ed565a2aba267bdd69e82acaa13525bacf41a1. The package contains obfuscated code that exfiltrates basic data and then executes commands delivered from a remote server. Category: MALICIOUS - The campaign...

AI score 7.3
Exploits 0 · References 1

BDU FSTEC
added 2024/10/30 12:00 a.m. · 4 views

A vulnerability in the HBS 3 Hybrid Backup Sync backup and disaster recovery software allows an attacker to execute arbitrary commands on QNAP network devices.

The vulnerability in the HBS 3 Hybrid Backup Sync backup and disaster recovery software is related to the lack of measures to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8.1 · EPSS 0.02268
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/10/30 12:00 a.m. · 2 views

PT-2024-9704 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3. Description: The issue is related to the ldap search dn function in the mainfunction.cgi script of the Draytek Vigor3900 web interface. It allows attackers to inject malicious commands and execute arbitrary...

CVSS 9 · AI score 7.9 · EPSS 0.00597
Exploits 0 · References 8

RedhatCVE
added 2024/10/29 2:25 a.m. · 13 views

CVE-2023-33246

A vulnerability was found in Apache RocketMQ where, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. This flaw allows an attacker to use...

CVSS 9.8 · AI score 7.4 · EPSS 0.96604
Exploits 11 · References 4

CNNVD
added 2024/10/29 12:00 a.m. · 5 views

CyberPanel security vulnerability

CyberPanel is a web hosting control panel with built-in DNS and email servers by Usman Nasir, an individual developer. CyberPanel has a security vulnerability that originates from getresetstatus in dns/views.py that allows remote attackers to bypass authentication and execute arbitrary commands v...

CVSS 10 · AI score 9.8 · EPSS 0.94878
Exploits 7 · References 8

BDU FSTEC
added 2024/10/29 12:00 a.m. · 7 views

A vulnerability in the SetGuestZoneRouterSettings function of the D-Link DIR-822 and DIR-878 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the SetGuestZoneRouterSettings function of the D-Link DIR-822 and DIR-878 router firmware lies in the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 8 · AI score 5.9 · EPSS 0.0209
Exploits 0 · References 3

Positive Technologies
added 2024/10/29 12:00 a.m. · 4 views

PT-2024-7401

Name of the Vulnerable Software and Affected Versions: HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673. Description: The issue is related to an OS command injection vulnerability. This vulnerability could allow remote attackers to execute commands. It is reported that over 113,000 instances...

CVSS 9.8 · AI score 7.6 · EPSS 0.02268
Exploits 0 · References 33

BDU FSTEC
added 2024/10/28 12:00 a.m. · 5 views

A vulnerability in the web management interface of Cisco Firepower Management Center software allows an attacker to execute arbitrary commands.

The vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software involves deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

CVSS 8.5 · AI score 5.8 · EPSS 0.00782
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/10/28 12:00 a.m. · 5 views

A vulnerability in the ate_iwpriv_set() and ate_ifconfig_set() functions (/goform/ate) of the Tenda AC1206 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the ate_iwpriv_set and ate_ifconfig_set functions (/goform/ate) of the Tenda AC1206 router software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 6.5 · AI score 7 · EPSS 0.21464
Exploits 1 · References 7 · Affected Software 1

BDU FSTEC
added 2024/10/28 12:00 a.m. · 6 views

A vulnerability in the firmware of the ABB AC 800M controller is related to errors in processing input data and allows an attacker to execute arbitrary commands.

The vulnerability in the ABB AC 800M controller firmware is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted MMS packets remotely...

CVSS 10 · AI score 5.8
Exploits 0 · References 1

OSV
added 2024/10/27 9:15 p.m. · 3 views

CVE-2024-10429

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

CVSS 7.2 · AI score 5.5 · EPSS 0.17215
Exploits 1 · References 4

OSV
added 2024/10/27 9:15 p.m. · 3 views

CVE-2024-10428

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function setipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The...

CVSS 7.2 · AI score 5.5 · EPSS 0.1413
Exploits 1 · References 4

CVE
added 2024/10/27 9:00 p.m. · 62 views

CVE-2024-10429

The CVE-2024-10429 entry concerns WAVLINK WN530H4, WN530HG4 and WN572HG3 devices. Affected is the function set_ipv6 in the file internet.cgi, where manipulation of the IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr arguments leads to command injection. The issue enables remote execution and has b...

CVSS 8.6 · AI score 7.4 · EPSS 0.17215
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/10/27 12:00 a.m. · 9 views

PT-2024-16274 · Wavlink · Wavlink Wn572Hp3 +1

Name of the Vulnerable Software and Affected Versions: WAVLINK WN530H4 versions up to 20221028; WAVLINK WN530HG4 versions up to 20221028; WAVLINK WN572HG3 versions up to 20221028. Description: A critical vulnerability has been found, affecting the function set_ipv6 of the file internet.cgi. The...

CVSS 8.6 · AI score 7.5 · EPSS 0.17215
Exploits 1 · References 8

Tenable Nessus
added 2024/10/27 12:00 a.m. · 15 views

Fortinet FortiWeb: Restricted user can execute arbitrary commands with root privileges (OS command injection) (FG-IR-20-120)

The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-120 advisory. - An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9...

CVSS 9 · AI score 9.1 · EPSS 0.7727
Exploits 2 · References 2

Tenable Nessus
added 2024/10/26 12:00 a.m. · 12 views

Fortinet FortiWeb OS command injection vulnerability (FG-IR-21-116)

The version of FortiWeb installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-116 advisory. - An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9...

CVSS 9 · AI score 9.1 · EPSS 0.7727
Exploits 2 · References 2

OSV
added 2024/10/25 5:16 p.m. · 28 views

RLSA-2024:7463 Important: cups-filters security update

The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fixes: cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source...

CVSS 9.8 · AI score 8 · EPSS 0.8344
Exploits 16 · References 4

IBM Security Bulletins
added 2024/10/25 3:24 p.m. · 12 views

Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100

Summary: dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations. Vulnerability Details: CVEID: CVE-2017-16100. DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...

CVSS 10 · AI score 7.5 · EPSS 0.05132
Exploits 1 · Affected Software 1

Tenable Nessus
added 2024/10/25 12:00 a.m. · 15 views

Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (cisco-sa-asa-ssh-rce-gRAuPEUF)

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

CVSS 9.9 · AI score 6.4 · EPSS 0.01158
Exploits 0 · References 2

CNVD
added 2024/10/25 12:00 a.m. · 7 views

Cisco Adaptive Security Appliance SSH Remote Command Injection Vulnerability

Cisco Adaptive Security Appliance (ASA) is a comprehensive network security appliance developed by Cisco that provides firewall, VPN, IPS, and other security features. It supports both physical and virtual deployments and can adapt to the security needs of networks of different sizes. A remote...

CVSS 9.9 · AI score 7.7 · EPSS 0.01158
Exploits 0 · References 1