140 matches found
CVE-2023-39236
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...
Command injection
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...
CVE-2023-39236
ASUS RT-AC86U Traffic Analyzer - Statistic function is vulnerable to command injection due to insufficient filtering of special characters. A remote attacker with regular user privileges can trigger arbitrary command execution, potentially corrupting the system or stopping services. Affected prod...
CVE-2023-38033 ASUS RT-AC86U - Command injection vulnerability - 3
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...
CVE-2023-38033 ASUS RT-AC86U - Command injection vulnerability - 3
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...
CVE-2023-38032 ASUS RT-AC86U - Command injection vulnerability - 2
ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...
CVE-2023-38032
CVE-2023-38032 affects the ASUS RT-AC86U router’s AiProtection security-related function. The root cause is insufficient filtering of special characters, enabling a remote attacker with regular user privileges to perform a command injection and execute arbitrary commands, potentially disrupting t...
CVE-2023-38031
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...
CVE-2023-28703
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...
CVE-2023-28701
ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service...
CVE-2023-28703 ASUS RT-AC86U - Buffer Overflow
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...
The vulnerability of the microprogramming software in the embedded converter Moxa MiiNePort E1, related to the lack of authentication for a critical function, allows a intruder to gain access to the system configuration interface, enabling them to view, modify, or terminate services.
The vulnerability of the microprogramming software in the embedded converter Moxa MiiNePort E1 is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker to gain access to the system configuration interface, enabling them to view, modify,...
Authorization
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...
CVE-2022-39028
A flaw was found in MIT krb5-appl, where it has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. The telnetd application would crash in a typical installation, but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short ti...
CVE-2022-32960
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...
CVE-2022-32960
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...
CVE-2022-32962
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service...
Stack overflow
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code,...
Stack overflow
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...
Double free
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service...