19628 matches found
CVE-2024-44333
D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a carefully crafted malicious...
PT-2024-6518 · D Link · Di-7200Gv2 +4
Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1; D-Link DI-7100G+V2 version 24.04.18D1; D-Link DI-7100GV2 version 24.04.18D1; D-Link DI-7200GV2 version 24.04.18E1; D-Link DI-7300G+V2 version 24.04.18D1; D-Link DI-7400G+V2 version 24.04.18D1. Description: The...
CVE-2024-44334
CVE-2024-44334 affects D-Link DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 with firmware 24.04.18D1/D1/E1. Root cause: insufficient parameter filtering in the CGI upgrade_filter.asp function allowing Remote Command Execution. Impact: high (Remote Command Execution...
Security vulnerability in multiple D-Link products
D-Link DI-7003G and others are wireless routers from China-based AUO D-Link. A security vulnerability exists in various D-Link products. An attacker exploiting the vulnerability can remotely execute commands. The following products and versions are affected: D-Link DI-7003G v19.12.24A1, DI-7003G...
PT-2024-32391 · Dataease +1 · Dataease +1
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.25 Description: DataEase is an open source data visualization analysis tool. The PostgreSQL data source function allows customization of JDBC connection parameters and the PG server target. However, the...
Vulnerability of QTS and QuTS operating systems, as well as Qnap network devices, arises from the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of QTS and QuTS operating systems, as well as Qnap network devices, is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
PT-2024-8974 · Dell · Dell Enterprise Sonic Os
Name of the Vulnerable Software and Affected Versions: Dell Enterprise SONiC OS versions 4.1.x through 4.2.x Description: The issue is related to an improper neutralization of special elements used in an OS command, which can be exploited by a high-privileged attacker with remote access to execut...
QNAP Systems QTS operating system command injection vulnerability
QNAP Systems QTS is an operating system used by China Weilian Technology QNAP Systems for entry to mid-level QNAP NAS. An operating system command injection vulnerability exists in QNAP Systems QTS version 4.3.6.2805 build 20240619 and prior versions, which stems from the inclusion of an operatin...
PT-2024-31141 · Unknown · Wayos Fbm-291W
Name of the Vulnerable Software and Affected Versions: WAYOS FBM-291W version 19.09.11 Description: The issue is related to Command Execution via msp info htm. This vulnerability occurs through the "msp info htm" endpoint, allowing for command execution. Recommendations: For WAYOS FBM-291W versio...
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4dc39c05bcc93e600dd8de16f2f7c599.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) Vulnerability: Unauthenticated Remote Command...
CVE-2024-42991
MCMS v5.4.1 has a front-end file upload vulnerability which can lead to remote command execution...
CVE-2024-42991
CVE-2024-42991 affects MCMS v5.4.1, where a front-end file upload vulnerability can lead to remote command execution. The Red Hat / NVD / OSV / CVE records agree on the symptom; exploitation details are not provided in the connected documents. A practical mitigation mentioned in PT-2024-30245 is ...
MingSoft MCMS security vulnerability
MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v5.4.1, which stems from improper handling of the front-end file upload function, and could lead to remote command execution...
PT-2024-30245 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS version 5.4.1 Description: The issue is related to a front-end file upload vulnerability in MCMS, which can lead to remote command execution. This allows an attacker to execute commands remotely. Recommendations: For MCMS version 5.4.1,...
PT-2024-6139 · Zyxel · Wax655E +4
Name of the Vulnerable Software and Affected Versions: Zyxel NWA1123ACv3 versions 6.70ABVT.4 and earlier; Zyxel WAC500 versions 6.70ABVS.4 and earlier; Zyxel WAX655E versions 7.00ACDO.1 and earlier; Zyxel WBE530 versions 7.00ACLE.1 and earlier; Zyxel USG LITE 60AX version V2.00ACIP.2. Description: The...
The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface allows an attacker to execute arbitrary SQL commands.
The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an OS Command Injection vulnerability...