19628 matches found
Acronis Cyber Infrastructure 5.1.x < 5.1.1-71 / 5.2.x < 5.2.1-69 / 5.3.x < 5.3.1-53 / 5.4.x < 5.4.4-132 / < 5.0.1-61 (SEC-6452)
The version of Acronis Cyber Infrastructure installed on the remote host is prior to 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, or 5.4.4-132. It is, therefore, affected by a vulnerability as referenced in the SEC-6452 advisory. - Remote command execution due to use of default passwords. The followin...
CVE-2024-8077
A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228. It has been classified as critical. This affects the function setTracerouteCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. NOTE: The vendor was contacted early about this...
Remote Command Execution Vulnerability in H2 Component of e-cology Product of Panmicro Networks Technology Co.
e-cology is a new and efficient collaborative office system created by Panavision for medium and large organizations. A remote command execution vulnerability exists in the H2 component of the e-cology product of Panmicro Networks Technology Co. The vulnerability allows obtaining an administrator...
PT-2024-6664 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100G version 17.12.20A1 Description: The issue is related to a command injection vulnerability via the sub47A60C function in the upgrade filter.asp file. This vulnerability is associated with the failure to neutralize special...
PT-2024-30174 · Trendnet · Trendnet Tew-752Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-752DRU version 1.03B01 Description: The issue is due to a lack of length verification for the service field in gena.cgi, leading to a buffer overflow. This can cause the remote target device to crash or allow attackers to execute...
CVE-2024-7907
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.85220230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. T...
PT-2024-6467 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 20230719 Description: A critical issue has been found in the TOTOLINK X6000R, affecting the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to...
CVE-2024-7896
A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1ftpserver.php. The manipulation of the argument adrtxt leads to command injection. The attack ma...
PT-2024-14840 · Undefined · Undefined
"Source": "CVE FEED", "Title": "CVE-2023-5888 - Apache Web Server Remote Command Execution Vulnerability", "Content": "CVE ID : CVE-2023-5888 Published : Aug. 16, 2024, 7:15 p.m. | 38 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7246...
PT-2024-30218 · Tenda · Tenda Fh1201
Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: An issue in the handler function in "/goform/telnet" allows attackers to execute arbitrary commands via a crafted HTTP request. Recommendations: For Tenda FH1201 version 1.2.0.14, as a temporary...
The export function of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps is vulnerable, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the export function of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps relates to the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows an attacker operating...
Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0fe8f37543e8face08941899add38e35.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Nightmare.25 Vulnerability: Unauthenticated Remote Command Execution Family:...
PT-2024-38516
Name of the Vulnerable Software and Affected Versions TeamT5 ThreatSonar Anti-Ransomware versions through 3.4.5 Description ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. This allows remote attackers with administrator privileges on the product...
Malicious code in artifact-lab-3-package-34b21b63 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a814378a8188b464c5289007203c2b20c3ec2a0383ee18bd96e0f41ad44d7982 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
PT-2024-41041 · Qtech · Qtech Gigabit Spf Wifi Gateway
Name of the Vulnerable Software and Affected Versions: Qtech Gigabit SPF WiFi Gateway affected versions not specified Description: The issue is related to inadequate access control in the Qtech Gigabit SPF WiFi Gateway's firmware, allowing a remote attacker to execute arbitrary commands on the...
CVE-2024-42366
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366
Summary of CVE-2024-42366 (VR Overlay RCE) VRCX, a VRChat assistant/companion app, contained a vulnerability in versions prior to 2024.03.23 where a CefSharp browser with elevated privileges could be combined with an overlay notification to perform remote command execution (RCE). The issue is doc...