303 matches found
CVE-2021-4406
An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC: go to the alert manager; open the ITSM tab; add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' (whitespaces are tab characters); click add; click apply; create a test alert. The tes...
PT-2023-8202 · Opnsense · Opnsense
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7; OPNsense Business Edition versions prior to 23.4.2. Description: A directory traversal vulnerability exists in the Captive Portal templates of OPNsense, allowing attackers to execute arbitrary...
WAVLINK WL-WN531AX2 Security Vulnerability
The WAVLINK WL-WN531AX2 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WL-WN531AX2 versions prior to 2023526, which originates from allowing a logged-in user to execute operating system commands with root privileges...
WAVLINK WL-WN531AX2 Code Issue Vulnerability
The WAVLINK WL-WN531AX2 is a wireless router from the Chinese company WAVLINK. The WAVLINK WL-WN531AX2 suffers from a code issue vulnerability that stems from the presence of a file upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary files and execute system...
CVE-2023-33869
Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...
Command injection
Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...
CVE-2023-33869 Enphase Envoy OS Command Injection
Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands...
CVE-2023-33294
An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...
Cisco DNA Center Security Vulnerability
Cisco DNA Center is a network management and command center service from Cisco USA. Cisco DNA Center is vulnerable to an authorization issue. The vulnerability stems from improper authorization of API requests and can be exploited by an authenticated, remote attacker to read information from a...
CVE-2023-20182
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...
CVE-2023-30504
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the...
PT-2023-2910 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise, affected versions not specified. Description: Vulnerabilities exist in the command line interface of Aruba EdgeConnect Enterprise that allow remote authenticated users to run arbitrary commands on the underlying...
PT-2023-13019 · Nokia · Nokia Onends
Name of the Vulnerable Software and Affected Versions: Nokia One-NDS (aka Network Directory Server) versions through 20.9. Description: The issue allows some users to exploit certain Sudo permissions, potentially escalating to root privileges and executing arbitrary commands. Recommendations: For...
A vulnerability in the command-line interface (CLI) of Cisco Aironet Access Point firmware allows an attacker to execute arbitrary commands with root privileges.
The vulnerability in the command-line interface (CLI) of Cisco Aironet Access Point software exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root...
Cisco Small Business OS Command Injection Vulnerability
Cisco Small Business is a switch from Cisco USA. A security vulnerability exists in the Cisco Small Business RV320 and RV325. An attacker with valid administrator credentials could use this vulnerability to execute arbitrary commands as root on the underlying Linux operating system of the affecte...
CVE-2023-0127
A command injection vulnerability in the firmwareupdate command, in the device's restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root...
CVE-2023-20076
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an...
Aruba Networks EdgeConnect Security Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect that originates from allowing an authenticated remote user to run arbitrary commands on the underlying host, which could be exploited by a...