19641 matches found
The vulnerability of TP-Link Archer C5400X(EU) Wi-Fi routers’ microprogramming software lies in the lack of measures taken to clean data at the control level. This allows attackers to execute arbitrary commands with elevated privileges.
The vulnerability of TP-Link Archer C5400XEU Wi-Fi routers’ microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with elevated privileges...
awkblog vulnerable to OS command injection
Overview awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability CWE-78. Keigo YAMAZAKI of LAC Co., Ltd. / Nuligen Security Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
PT-2024-4058 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version V9.3.5u.6369 B20220309 Description: The issue is related to the NTPSyncWithHost function in the TOTOLINK LR350 router's firmware, which lacks input validation. This can be exploited by a remote attacker to execute...
The vulnerability of the /view/vpn/autovpn/sub_commit.php file in the Ruijie RG-UAC router microprogramming software allows a perpetrator to execute any command they desire.
The vulnerability of the /view/vpn/autovpn/subcommit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the /view/vpn/autovpn/online.php file in the Ruijie RG-UAC router microprogramming software allows a hacker to execute any command they desire.
The vulnerability of the /view/vpn/autovpn/online.php file of the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the /view/systemConfig/sys_user/user_commit.php file in the Ruijie RG-UAC router microprogramming system allows a attacker to execute any command they desire.
The vulnerability of the /view/systemConfig/sysuser/usercommit.php file in the Ruijie RG-UAC network management tool exists due to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
The vulnerability of the /view/vpn/autovpn/online_check.php file in the Ruijie RG-UAC router micro-programming software allows a perpetrator to execute any command they desire.
The vulnerability of the /view/vpn/autovpn/onlinecheck.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the addVlan function (/view/networkConfig/vlan/vlan_add_commit.php) in the Tenda FH1206 router software allows a hacker to trigger a service failure.
The vulnerability of the addVlan function /view/networkConfig/vlan/vlanaddcommit.php of the Tenda FH1206 router software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the OXMF template parser component in the OX App Suite software allows a perpetrator to execute arbitrary commands and gain access to read, modify, or delete data.
The vulnerability of the OXMF template parser component in the OX App Suite program lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and gain acces...
The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software allows a attacker to execute any command they desire.
The vulnerability of the /view/networkConfig/GRE/greeditcommit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CVE-2023-46694
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...
CVE-2023-46694
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality...
Important: Red Hat Security Advisory: pcp security update
An update for pcp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
Vtenext 安全漏洞
Vtenext is a Customer Relationship Management system from the Italian company Vtenext that helps users manage the CRM process in their business activities. A security vulnerability exists in Vtenext version 21.02, which arises from the application's failure to implement proper authentication...
PT-2024-13371 · Vtenext +1 · Vtenext +1
Name of the Vulnerable Software and Affected Versions: Vtenext version 21.02 Description: The issue allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication...
RHEL 8 : pcp (RHSA-2024:3392)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3392 advisory. Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...
CVE-2024-5403
CVE-2024-5403 affects ASKEY 5G NR Small Cell. The issue is an OS/command-injection vulnerability caused by improper filtering of user input for certain functionalities, enabling remote attackers with administrator privileges to execute arbitrary system commands on the remote server. CVSSv3.1 metr...
CVE-2024-5400
Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...
CVE-2024-5399
Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...