19649 matches found

VulnCheck KEV
added 2024/05/05 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2023-3608

A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVSS 8.8 · AI score 5.7 · EPSS 0.10909
Exploits: 1 · References: 1

Positive Technologies
added 2024/05/05 12:0 a.m. · 6 views

PT-2024-31426 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found in Ruijie RG-UAC, affecting an unknown functionality of the file /view/IPV6/naborTable/add commit.php. The manipulation of the ip addr/mac addr argument leads to os...

CVSS 7.2 · AI score 7.5 · EPSS 0.06918
Exploits: 0 · References: 9

Positive Technologies
added 2024/05/05 12:0 a.m. · 3 views

PT-2024-31421 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found, allowing for OS command injection through the manipulation of the oldipmask, oldgateway, and olddevname arguments in an unknown function of the file...

CVSS 7.2 · AI score 5.7 · EPSS 0.07068
Exploits: 0 · References: 9

OSV
added 2024/05/03 3:16 a.m. · 5 views

CVE-2023-50217

D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVSS 8.8 · AI score 6.2 · EPSS 0.00916
Exploits: 0 · References: 2

OSV
added 2024/05/03 3:15 a.m. · 5 views

CVE-2023-41200

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit...

CVSS 8.8 · AI score 6.2 · EPSS 0.01187
Exploits: 0 · References: 2

ATTACKERKB
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-41201

D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

CVSS 8.8 · AI score 6.3 · EPSS 0.01187
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/05/03 2:15 a.m. · 3 views

CVE-2023-34278

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

CVSS 8 · AI score 6.2 · EPSS 0.0176
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/03 12:0 a.m. · 3 views

PT-2024-12613 · Ibm · Ibm Aspera Orchestrator

Name of the Vulnerable Software and Affected Versions: IBM Aspera Orchestrator version 4.0.1 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM Aspera Orchestrator version 4.0.1...

CVSS 8.8 · AI score 7.5 · EPSS 0.00909
Exploits: 0 · References: 8

BDU FSTEC
added 2024/05/03 12:0 a.m. · 5 views

The vulnerability of the microprogramming software in SIP phones of the Mitel series 6800, 6900, 6970, and 6900w allows an intruder to execute arbitrary commands.

The vulnerability of the microprogramming software of Mitel telephones of models 6800, 6900, 6970, and 6900w lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending...

CVSS 9 · AI score 6.2 · EPSS 0.0025
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/05/03 12:0 a.m. · 3 views

Media Streaming add-on operating system command injection vulnerability

Media Streaming add-on is a media streaming add-on. An operating system command injection vulnerability exists in Media Streaming Add-on versions prior to 500.1.1.5 2024/01/22, which stems from the presence of an operating system command injection vulnerability that allows an authenticated...

CVSS 6.6 · AI score 7.7 · EPSS 0.01191
Exploits: 0 · References: 3

CNNVD
added 2024/05/03 12:0 a.m. · 4 views

D-Link DAP-1325 security vulnerability

D-Link DAP-1325 is a wireless access point/bridge made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network to wireless network or connect different wireless networks. The D-Link DAP-1325 suffers from a Command Injection Remote Code...

CVSS 8.8 · AI score 8.1 · EPSS 0.01109
Exploits: 0 · References: 2

CNNVD
added 2024/05/03 12:0 a.m. · 4 views

D-Link DIR-X3260 security vulnerability

D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a command injection remote code execution vulnerability...

CVSS 8.8 · AI score 9.4 · EPSS 0.01385
Exploits: 0 · References: 3

CNNVD
added 2024/05/03 12:0 a.m. · 3 views

D-Link DAP-1325 security vulnerability

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

CVSS 8.8 · AI score 9 · EPSS 0.01187
Exploits: 0 · References: 3

BDU FSTEC
added 2024/05/02 12:0 a.m. · 5 views

The vulnerability of the Microprogrammed Software Routers Telesquare TLR-2005Ksh, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.

The vulnerability of the Microprogrammed Software Router Telesquare TLR-2005Ksh is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 5.5 · AI score 5.9 · EPSS 0.05848
Exploits: 8 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 5 views

The vulnerability of the ftext() function in the upload_firmware.cgi script of the D-Link DIR-822+ wireless router’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the ftext function in the upload_firmware.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command for processing the UPLOADFILENAME parameter...

CVSS 10 · AI score 5.9 · EPSS 0.19893
Exploits: 1 · References: 4 · Affected Software: 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 6 views

The vulnerability of the ChgSambaUserSettings() function in the prog.cgi script of the D-Link DIR-822+ wireless router software allows a hacker to execute arbitrary commands.

The vulnerability of the ChgSambaUserSettings function in the prog.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the sambaname parameter. Exploiting...

CVSS 10 · AI score 5.9 · EPSS 0.08315
Exploits: 1 · References: 4 · Affected Software: 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 5 views

The vulnerability of the implementation of the SSL VPN technology using the micro-programming software for network interfaces of the SMA 100 series allows an intruder to execute any command they desire.

The vulnerability of the implementation of the SSL VPN micro-programming system for network interfaces of SONICWALL series SMA 100 exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor ...

CVSS 8.3 · AI score 8.1 · EPSS 0.74933
Exploits: 0 · References: 4 · Affected Software: 6

BDU FSTEC
added 2024/05/02 12:0 a.m. · 5 views

The vulnerability of the SetPlcNetworkpwd() function in the prog.cgi script of the D-Link DIR-822+ wireless router’s microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the SetPlcNetworkpwd function in the prog.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the localplc parameter...

CVSS 10 · AI score 5.9 · EPSS 0.01559
Exploits: 1 · References: 4 · Affected Software: 1

RedHat Linux
added 2024/04/30 1:34 p.m. · 3 views

pcp: exposure of the redis server backend allows remote command execution via pmproxy

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

CVSS 8.8 · AI score 6.9 · EPSS 0.01002
Exploits: 0 · References: 4

RedHat Linux
added 2024/04/30 1:34 p.m. · 223 views

Important: Red Hat Security Advisory: pcp security, bug fix, and enhancement update

An update for pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.8 · AI score 7.1 · EPSS 0.01002
Exploits: 0 · References: 2