19649 matches found
VulnCheck KEV: CVE-2023-3608
A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...
PT-2024-31426 · Ruijie · Ruijie Rg-Uac
Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found in Ruijie RG-UAC, affecting an unknown functionality of the file /view/IPV6/naborTable/add commit.php. The manipulation of the ip addr/mac addr argument leads to os...
PT-2024-31421 · Ruijie · Ruijie Rg-Uac
Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found, allowing for OS command injection through the manipulation of the oldipmask, oldgateway, and olddevname arguments in an unknown function of the file...
CVE-2023-50217
D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...
CVE-2023-41200
D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit...
CVE-2023-41201
D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...
CVE-2023-34278
D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...
PT-2024-12613 · Ibm · Ibm Aspera Orchestrator
Name of the Vulnerable Software and Affected Versions: IBM Aspera Orchestrator version 4.0.1 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM Aspera Orchestrator version 4.0.1...
The vulnerability of the microprogramming software in SIP phones of the Mitel series 6800, 6900, 6970, and 6900w allows an intruder to execute arbitrary commands.
The vulnerability of the microprogramming software of Mitel telephones of models 6800, 6900, 6970, and 6900w lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending...
Media Streaming add-on OS command injection vulnerability
Media Streaming add-on is a media streaming add-on. An operating system command injection vulnerability exists in Media Streaming Add-on versions prior to 500.1.1.5 2024/01/22, which stems from the presence of an operating system command injection vulnerability that allows an authenticated...
D-Link DAP-1325 security vulnerability
D-Link DAP-1325 is a wireless access point/bridge made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network to wireless network or connect different wireless networks. The D-Link DAP-1325 suffers from a Command Injection Remote Code...
D-Link DIR-X3260 security vulnerability
D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a command injection remote code execution vulnerability...
D-Link DAP-1325 security vulnerability
D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...
The vulnerability of the firmware of Telesquare TLR-2005Ksh routers, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.
The vulnerability of the Microprogrammed Software Router Telesquare TLR-2005Ksh is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the ftext() function in the upload_firmware.cgi script of the D-Link DIR-822+ wireless router’s microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the ftext function in the uploadfirmware.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command for processing the UPLOADFILENAME parameter...
The vulnerability of the ChgSambaUserSettings() function in the prog.cgi script of the D-Link DIR-822+ wireless router software allows a hacker to execute arbitrary commands.
The vulnerability of the ChgSambaUserSettings function in the prog.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the sambaname parameter. Exploiting...
The vulnerability of the implementation of the SSL VPN technology using the micro-programming software for network interfaces of the SMA 100 series allows an intruder to execute any command they desire.
The vulnerability of the implementation of the SSL VPN micro-programming system for network interfaces of SONICWALL series SMA 100 exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor ...
The vulnerability of the SetPlcNetworkpwd() function in the prog.cgi script of the D-Link DIR-822+ wireless router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the SetPlcNetworkpwd function in the prog.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the localplc parameter...
pcp: exposure of the redis server backend allows remote command execution via pmproxy
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...
Important: Red Hat Security Advisory: pcp security, bug fix, and enhancement update
An update for pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...