598 matches found

Positive Technologies
added 2024/02/12 12:0 a.m. · 1 view

PT-2024-2899 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.4 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the svc oscheck utility of Dell Unity's microcode. This allows an authenticated...

CVSS 7.8 · AI score 7.8 · EPSS 0.00233
Exploits: 0 · References: 9

0day.today
added 2024/01/31 12:0 a.m. · 275 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection Exploit

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to...

AI score 8.9
Exploits: 0

Packet Storm
added 2024/01/31 12:0 a.m. · 237 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection

!/usr/bin/env python TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters...

AI score 7.4
Exploits: 0

CNNVD
added 2024/01/12 12:0 a.m. · 2 views

Hongdian Router H8951-4G-ESP Security Vulnerability

The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149. An attacker can exploit this vulnerability to execute arbitrary commands in a root user environment...

CVSS 9.8 · AI score 7.4 · EPSS 0.001
Exploits: 0 · References: 3

CNNVD
added 2023/12/28 12:0 a.m. · 2 views

Peplink Balance Security Breach

Peplink Balance is a router from Peplink. A security vulnerability exists in Peplink Balance Two versions prior to 8.4.0, which stems from the use of hard-coded credentials for Console port authentication, allowing an attacker to execute arbitrary commands as root...

CVSS 6.4 · AI score 7.5 · EPSS 0.00122
Exploits: 1 · References: 3

ATTACKERKB
added 2023/12/12 1:15 a.m. · 0 views

CVE-2023-36650

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...

CVSS 7.2 · AI score 7.2 · EPSS 0.00061
Exploits: 1 · References: 2

OSV
added 2023/12/12 1:15 a.m. · 2 views

CVE-2023-36650

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...

CVSS 7.2 · AI score 5.9 · EPSS 0.00061
Exploits: 1 · References: 1

Positive Technologies
added 2023/12/11 12:0 a.m. · 2 views

PT-2023-25654 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: A missing integrity check in the update system allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. Recommendations: For ProLion...

CVSS 7.2 · AI score 7.2 · EPSS 0.00061
Exploits: 1 · References: 5

CNNVD
added 2023/11/01 12:0 a.m. · 1 view

Cisco Firepower Management Center and Cisco Firepower Threat Defense Security Vulnerabilities

Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) are both products of Cisco, Inc. Cisco Firepower Management Center is the next-generation firewall management center software. Cisco Firepower Threat Defense is a unified set of software that provides next-generation...

CVSS 8.2 · AI score 7.4 · EPSS 0.00037
Exploits: 0 · References: 3

OSV
added 2023/10/10 5:15 a.m. · 0 views

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

CVSS 8.8 · AI score 5.8 · EPSS 0.01613
Exploits: 1 · References: 1

ATTACKERKB
added 2023/10/04 9:15 p.m. · 0 views

CVE-2023-36618

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users...

CVSS 8.8 · AI score 7.8 · EPSS 0.00868
Exploits: 3 · References: 4

Cvelist
added 2023/10/04 12:0 a.m. · 14 views

CVE-2023-36618

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users...

AI score 9.4 · EPSS 0.00868
Exploits: 3 · References: 3

OSV
added 2023/09/20 1:15 p.m. · 0 views

CVE-2023-43477

The pingfrom parameter of pingtracerte.cgi in the web UI of Telstra Smart Modem Gen 2 Arcadyan LH1000, firmware versions 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2023/08/16 12:0 a.m. · 1 view

Cisco Intersight Command Injection Vulnerability

Cisco Intersight is an application platform from Cisco, Inc. It provides a level of intelligent management that enables IT organizations to analyze, simplify, and automate their environments in a more advanced way than previous generations of tools. A command injection vulnerability exists in the...

CVSS 9.1 · AI score 8.2 · EPSS 0.00074
Exploits: 0 · References: 2

CNNVD
added 2023/08/09 12:0 a.m. · 1 view

Deciso OPNsense Path Traversal Vulnerability

Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. A path traversal vulnerability exists in OPNsense versions prior to 23.7, which stems from a directory traversal vulnerability in the Captive Portal template. An attacker can exploit...

CVSS 7.2 · AI score 7.4 · EPSS 0.00983
Exploits: 1 · References: 3

OSV
added 2023/07/31 1:15 p.m. · 0 views

CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject and execute arbitrary commands as root on the BMC...

CVSS 9.8 · AI score 6 · EPSS 0.01224
Exploits: 1 · References: 3

Prion
added 2023/07/17 9:15 p.m. · 19 views

Design/Logic Flaw

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification, unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

CVSS 7.5 · AI score 9.7 · EPSS 0.91121
Exploits: 1 · References: 2 · Affected Software: 2

CNNVD
added 2023/07/17 12:0 a.m. · 2 views

CasaOS Access Control Error Vulnerability

CasaOS is a simple, easy-to-use and elegant open source home cloud system. An Access Control Error vulnerability exists in CasaOS versions prior to 0.4.4 that stems from a lack of authenticated IP addresses. An attacker can exploit the vulnerability to execute arbitrary commands as root...

CVSS 9.8 · AI score 7.3 · EPSS 0.91121
Exploits: 1 · References: 3

OSV
added 2023/06/30 5:15 a.m. · 3 views

CVE-2023-32621

WL-WN531AX2 firmware versions prior to 2023526 allow an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege...

CVSS 7.2 · AI score 6
Exploits: 0 · References: 2

OSV
added 2023/06/30 5:15 a.m. · 4 views

CVE-2023-32622

Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege...

CVSS 7.2 · AI score 5.9 · EPSS 0.00096
Exploits: 0 · References: 2