
408 matches found

Positive Technologies
added 2024/02/12 12:0 a.m. · 3 views

PT-2024-2833

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.5.2645 build 20240116; QuTS hero versions prior to h5.1.5.2647 build 20240118; QuTScloud versions prior to c5.1.5.2651. Description: An OS command injection vulnerability exists in QNAP operating system versions due to th...

8.3 CVSS · 7.4 AI score · 0.89157 EPSS
Exploits 4 · References 32
CNNVD
added 2024/01/03 12:0 a.m. · 3 views

PaddlePaddle Operating System Command Injection Vulnerability

PaddlePaddle is an independently developed deep learning platform open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle versions prior to 2.6.0 that may lead to remote code execution...

9.8 CVSS · 8 AI score · 0.01172 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/12/13 12:0 a.m. · 3 views

PT-2023-28373 · Dasan Networks · W-Web

Name of the Vulnerable Software and Affected Versions: Dasan Networks - W-Web versions 1.22 through 1.27 Description: The issue is related to improper neutralization of special elements used in an OS command, also known as OS command injection. This is classified as CWE-78. Recommendations: For...

9.8 CVSS · 9.7 AI score · 0.01465 EPSS
Exploits 0 · References 4
Japan Vulnerability Notes
added 2023/11/17 5:22 a.m. · 2 views

Multiple vulnerabilities in CubeCart

Overview: CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery (CWE-352) - CVE-2023-38130; Directory traversal (CWE-22) - CVE-2023-42428; Directory traversal (CWE-22) - CVE-2023-47283; OS command injection (CWE-78) - CVE-2023-47675. Gen Sato of Mitsu...

9.1 CVSS · 7.9 AI score · 0.01286 EPSS
Exploits 0 · References 13
Cvelist
added 2023/10/10 2:25 p.m. · 23 views

CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

9.8 CVSS · 10 AI score · 0.65799 EPSS
Exploits 1 · References 3
CNNVD
added 2023/10/10 12:0 a.m. · 3 views

Fortinet FortiManager and FortiAnalyzer and FortiADC Operating System Command Injection Vulnerability

Fortinet FortiManager and others are products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiADC is an application delivery controller. Fortinet FortiADC is an...

7.8 CVSS · 7.9 AI score · 0.01498 EPSS
Exploits 0 · References 3
CNNVD
added 2023/10/10 12:0 a.m. · 3 views

Fortinet FortiWLM Operating System Command Injection Vulnerability

Fortinet FortiWLM is a wireless manager from Fortinet. A security vulnerability exists in Fortinet FortiWLM that stems from the presence of an operating system command injection vulnerability. The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted http...

9.8 CVSS · 7.9 AI score · 0.02108 EPSS
Exploits 0 · References 2
The Hacker News
added 2023/10/09 10:49 a.m. · 51 views

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully...

9.8 CVSS · 9.2 AI score · 0.01505 EPSS
Exploits 0
OSV
added 2023/10/05 6:15 p.m. · 3 views

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Vulnrichment
added 2023/09/19 12:47 p.m. · 19 views

CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...

9.3 CVSS · 7.5 AI score · 0.00984 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/09/03 12:0 a.m. · 3 views

PT-2023-4734 · Totolink · Totolink N200Re V5

Name of the Vulnerable Software and Affected Versions: TOTOLINK N200RE V5 version 9.3.5u.6437 B20230519 Description: The issue is related to the Validity check function in the TOTOLINK N200RE V5 router's firmware. It involves the use of uncontrolled format strings when processing the % symbol,...

9 CVSS · 8.1 AI score · 0.03153 EPSS
Exploits 1 · References 9
CNNVD
added 2023/08/18 12:0 a.m. · 2 views

TOTOLINK EX1200L Operating System Command Injection Vulnerability

The TOTOLINK EX1200L is a wireless repeater from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK EX1200L ENV9.3.5u.6146B20201023 version, which stems from the setWanCfg function that could lead to a system command injection vulnerabili...

9.8 CVSS · 7 AI score · 0.03342 EPSS
Exploits 1 · References 5
NVD
added 2023/07/11 3:15 a.m. · 14 views

CVE-2023-36922

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

9.1 CVSS · 9.2 AI score · 0.007 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2023/06/30 1:15 a.m. · 3 views

CVE-2023-36143

Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device...

8.8 CVSS · 5.8 AI score · 0.02439 EPSS
Exploits 2 · References 3
Tenable Nessus
added 2023/06/19 12:0 a.m. · 23 views

Ubuntu 16.04 ESM : cups-filters vulnerability (USN-6083-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6083-2 advisory. USN-6083-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding...

8.8 CVSS · 7.7 AI score · 0.03697 EPSS
Exploits 1 · References 2
OSV
added 2023/06/16 1:15 p.m. · 4 views

CVE-2022-48472

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, BiSheng-WNM FW 2.0.0.211...

9.8 CVSS · 6.1 AI score · 0.01074 EPSS
Exploits 0 · References 1
CVE
added 2023/06/16 12:54 p.m. · 65 views

CVE-2022-48472

CVE-2022-48472 concerns a system command injection in Huawei’s BiSheng-WNM printer line. Affected firmware/versions include OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, and BiSheng-WNM FW 2.0.0.211. The vulnerability enables remote code execution via a crafted system command, as descr...

9.8 CVSS · 9.8 AI score · 0.01074 EPSS
Exploits 0 · References 1 · Affected Software 2
Vulnrichment
added 2023/06/16 12:54 p.m. · 9 views

CVE-2022-48472

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, BiSheng-WNM FW 2.0.0.211...

8.1 AI score · 0.01074 EPSS
Exploits 0 · References 1
Cvelist
added 2023/06/16 12:54 p.m. · 27 views

CVE-2022-48472

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, BiSheng-WNM FW 2.0.0.211...

10 AI score · 0.01074 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/06/16 12:0 a.m. · 3 views

PT-2023-15805 · Unknown · Bisheng-Wnm Fw

Name of the Vulnerable Software and Affected Versions: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta through BiSheng-WNM FW 3.0.0.325 Description: A system command injection issue allows for remote code execution upon successful exploitation. Recommendations: For BiSheng-WNM versions...

9.8 CVSS · 8.5 AI score · 0.01074 EPSS
Exploits 0 · References 3