
631 matches found

CNNVD
added 2023/02/23 12:0 a.m. · 2 views

Korenix Technology Korenix JetWave Command Injection Vulnerability

Korenix Technology Korenix JetWave is a family of wireless access points from Korenix Technology. A security vulnerability exists in the Korenix Technology Korenix JetWave 4200 Series version 1.3.0, JetWave 3000 Series version 1.6.0. An attacker can exploit the vulnerability to execute commands a...

CVSS 8.8 · AI score 8.2 · EPSS 0.02884
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 4:43 a.m. · 3 views

SUSE CVE-2017-10700

In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application...

CVSS 10 · AI score 7.7 · EPSS 0.01271
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:34 a.m. · 2 views

SUSE CVE-2018-1111

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw...

CVSS 7.5 · AI score 8 · EPSS 0.88233
Exploits 14 · References 3

SUSE CVE
added 2023/02/15 3:56 a.m. · 3 views

SUSE CVE-2020-15862

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root...

CVSS 8.8 · AI score 7.3 · EPSS 0.00118
Exploits 0 · References 10

BDU FSTEC
added 2023/02/03 12:0 a.m. · 2 views

The vulnerability of the Cisco IOx software platform arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on the operating system with root privileges.

The vulnerability of the Cisco IOx software platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands in the operating system with root privileges...

CVSS 9 · AI score 8.3 · EPSS 0.0036
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/01/11 12:0 a.m. · 3 views

PT-2023-1277 · Cisco · Cisco Small Business Rv260 +4

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV160 and RV260 Series VPN Routers affected versions not specified Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W affected versions not specified Description: A vulnerability in the web-based management...

CVSS 8.3 · AI score 7.2 · EPSS 0.00249
Exploits 0 · References 4

Positive Technologies
added 2023/01/09 12:0 a.m. · 9 views

PT-2023-14413 · Linksys · Linksys Wumc710 Wireless-Ac Universal Media Connector

Name of the Vulnerable Software and Affected Versions: Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and earlier Description: An arbitrary code execution issue exists due to the do setNTP function within the httpd binary using unvalidated user input in the constructi...

CVSS 7.2 · AI score 7.3 · EPSS 0.00831
Exploits 1 · References 5

OSV
added 2023/01/05 7:15 a.m. · 2 views

CVE-2022-43536

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 1

OSV
added 2023/01/05 7:15 a.m. · 2 views

CVE-2022-43538

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...

CVSS 7.2 · AI score 6.1 · EPSS 0.00679
Exploits 0 · References 1

Positive Technologies
added 2023/01/03 12:0 a.m. · 2 views

PT-2023-14496 · Aruba · Aruba Edgeconnect Enterprise Orchestrator

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below Aruba EdgeConnect...

CVSS 7.2 · AI score 7.2 · EPSS 0.00776
Exploits 0 · References 2

BDU FSTEC
added 2023/01/01 12:0 a.m. · 2 views

The vulnerability of the Java Admin Console software tools for backup and data restoration in NetBackup Appliances and NetBackup allows a malicious actor to execute arbitrary commands as the root user.

The vulnerability of the Java Admin Console software tools for backup and recovery operations of NetBackup Appliances and NetBackup relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability could allow a malicious actor t...

CVSS 7.5 · AI score 7.9 · EPSS 0.01463
Exploits 0 · References 3 · Affected Software 2

Positive Technologies
added 2022/11/15 12:0 a.m. · 2 views

PT-2022-6068 · Veritas · Veritas Netbackup Appliance +1

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions through 10.1 Veritas NetBackup Appliance versions affected versions not specified Related Veritas products on Linux and UNIX versions affected versions not specified Description: The Java Admin Console in Veritas...

CVSS 8.8 · AI score 8.1 · EPSS 0.01463
Exploits 0 · References 7

Packet Storm
added 2022/10/17 12:0 a.m. · 205 views

MiniDVBLinux 5.4 Remote Root Command Execution

!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...

AI score 0.3
Exploits 0

Packet Storm
added 2022/10/17 12:0 a.m. · 215 views

MiniDVBLinux 5.4 Remote Root Command Injection

!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...

AI score 7.4
Exploits 0

Positive Technologies
added 2022/09/28 12:0 a.m. · 3 views

PT-2022-6017 · Cisco · Cisco Sd-Wan

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software affected versions not specified Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This issue is d...

CVSS 6.7 · AI score 6.5 · EPSS 0.00328
Exploits 0 · References 5

IBM Security Bulletins
added 2022/09/26 4:23 a.m. · 16 views

Security Bulletin: SONAS Fix Available for Code Injection via Command Line Interface and SONAS Graphical User Interface (CVE-2012-2163)

Abstract SONAS has a vulnerability that allows SONAS administrative users to execute commands as root. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-2163 DESCRIPTION: An error in the command execution of the SONAS Command Line Interface and the SONAS Graphical User Interface could be leveraged ...

CVSS 9 · AI score 6.3 · EPSS 0.00498
Exploits 0 · Affected Software 1

NCSC
added 2022/08/25 12:0 a.m. · 4 views

Vulnerabilities fixed in Cisco NX-OS and FXOS

Cisco has fixed vulnerabilities in NX-OS and FXOS for various Firepower, Nexus and UCS hardware. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service, or use command-injection to execute commands on the vulnerable system with root privileges. To exploit the...

CVSS 8.8 · AI score 7.4 · EPSS 0.00641
Exploits 0

OSV
added 2022/08/22 3:15 p.m. · 1 views

CVE-2021-37289

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...

CVSS 7.2 · AI score 5.9
Exploits 0 · References 3

ATTACKERKB
added 2022/08/16 1:15 a.m. · 1 views

CVE-2022-36309

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models...

CVSS 8.8 · AI score 7.4 · EPSS 0.17729
Exploits 1 · References 3

ATTACKERKB
added 2022/08/16 1:15 a.m. · 0 views

CVE-2022-36310

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models...

CVSS 8.8 · AI score 7.5 · EPSS 0.00953
Exploits 1 · References 3