PT-2023-3314 · Cisco · Cisco Small Business Rv320 +1

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description: The web-based management interface of the affected devices has insufficient validation of user-supplied input, which could allow an...

CVE-2023-28503

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute ...

CVE-2023-28503 Authentication bypass in UniRPC's udadmin service

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute ...

Rocket Software UniData 和 UniVerse 授权问题漏洞

Rocket Software UniVerse and Rocket Software UniData are both products of Rocket Software, Inc. Rocket Software UniVerse is a suite of database management and support software now owned by Rocket Software. Software UniData is a MultiValue application platform. Rocket Software UniData is a...

CVE-2023-1389

TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before...

CoreDial sipXcom sipXopenfire 参数注入漏洞

CoreDial sipXcom sipXopenfire is a telecommunications application from CoreDial, Inc. A parameter injection vulnerability exists in CoreDial sipXcom sipXopenfire version 21.04 and earlier, which stems from the presence of operating system command parameter injection that can be exploited by an...

CVE-2023-23294

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the filename parameter to execute commands as root...

Korenix Technology Korenix JetWave 命令注入漏洞

Korenix Technology Korenix JetWave is a family of wireless access points from Korenix Technology. A security vulnerability exists in Korenix Technology Korenix JetWave 4200 Series version 1.3.0, JetWave 3000 Series version 1.6.0. An attacker can exploit the vulnerability to execute commands as ro...

Korenix Technology Korenix JetWave 命令注入漏洞

Korenix Technology Korenix JetWave is a family of wireless access points from Korenix Technology. A security vulnerability exists in the Korenix Technology Korenix JetWave 4200 Series version 1.3.0, JetWave 3000 Series version 1.6.0. An attacker can exploit the vulnerability to execute commands a...

SUSE CVE-2017-10700

In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application...

SUSE CVE-2018-1111

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw...

SUSE CVE-2020-15862

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root...

PT-2023-1277 · Cisco · Cisco Small Business Rv260 +4

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV160 and RV260 Series VPN Routers affected versions not specified Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W affected versions not specified Description: A vulnerability in the web-based management...

PT-2023-14413 · Linksys · Linksys Wumc710 Wireless-Ac Universal Media Connector

Name of the Vulnerable Software and Affected Versions: Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and earlier Description: An arbitrary code execution issue exists due to the do setNTP function within the httpd binary using unvalidated user input in the constructi...

CVE-2022-43536

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

CVE-2022-43538

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

PT-2023-14496 · Aruba · Aruba Edgeconnect Enterprise Orchestrator

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below Aruba EdgeConnect...

PT-2022-6068 · Veritas · Veritas Netbackup Appliance +1

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions through 10.1 Veritas NetBackup Appliance versions affected versions not specified Related Veritas products on Linux and UNIX versions affected versions not specified Description: The Java Admin Console in Veritas...

MiniDVBLinux 5.4 Remote Root Command Execution

!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...

MiniDVBLinux 5.4 Remote Root Command Injection

!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...