
7632 matches found

CNVD
added 2025/04/25 12:0 a.m. | 1 view

D-Link DIR-832x 0x417234 Function Command Injection Vulnerability

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-832x suffers from a command injection vulnerability that stems from the failure of function 0x417234 to correctly filter special characters, commands, and so on when constructing commands. An attacker can exploit this...

9.8 CVSS | 7.4 AI score | 0.0145 EPSS
Exploits: 1 | References: 1

CNVD
added 2025/04/25 12:0 a.m. | 3 views

D-Link DIR-832x 0x42232c Function Command Injection Vulnerability

The D-Link DIR-832x is a wireless router from China's AUO D-Link. The D-Link DIR-832x suffers from a command injection vulnerability that stems from the macaddr key value and the function 0x42232c failing to properly filter special characters, commands, and so on when constructing commands. An attacker...

9.8 CVSS | 7.4 AI score | 0.0145 EPSS
Exploits: 1 | References: 1

CNVD
added 2025/04/25 12:0 a.m. | 1 view

D-Link DIR-832x 0x41dda8 Function Code Injection Vulnerability

The D-Link DIR-832x is a wireless router from China's AUO D-Link. A code injection vulnerability exists in the D-Link DIR-832x, which stems from the function 0x41dda8 failing to properly filter special characters, commands, etc. when constructing commands. An attacker can exploit this vulnerability to...

7.2 CVSS | 7.3 AI score | 0.01012 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2025/04/25 12:0 a.m. | 3 views

PT-2025-18265 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified). Description: A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the conte...

9 CVSS | 6.8 AI score | 0.00662 EPSS
Exploits: 0 | References: 11

BDU FSTEC
added 2025/04/23 12:0 a.m. | 4 views

A vulnerability in the web interface of the firmware for EDIMAX BR-6478AC routers allows a hacker to elevate their privileges and execute arbitrary commands.

The vulnerability in the web interface of the EDIMAX BR-6478AC router firmware is related to a failure to sanitize data at the control level. Exploiting this vulnerability can allow a malicious actor to elevate their privileges and execute arbitrary commands...

6.5 CVSS | 5.8 AI score | 0.07748 EPSS
Exploits: 1 | References: 4

CNVD
added 2025/04/21 12:0 a.m. | 7 views

NETGEAR WNR854T cmd.cgi file command execution vulnerability

The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the cmd.cgi file failing to properly filter special characters, commands, and so on when constructing commands. An attacker can exploit this vulnerability ...

9.8 CVSS | 7.1 AI score | 0.00869 EPSS
Exploits: 1 | References: 1

BDU FSTEC
added 2025/04/21 12:0 a.m. | 3 views

The vulnerability of the software URL processor for Cisco Webex App allows a perpetrator to execute arbitrary commands.

The vulnerability of the software URL processor for Cisco Webex App relates to the ability to download files from untrusted sources. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands when a user accesses a specially crafted link...

10 CVSS | 5.9 AI score | 0.00908 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/04/20 12:0 a.m. | 5 views

GNU Mailman OS Command Injection Vulnerability

GNU Mailman is a mailing list management software commonly used to create, manage and maintain mailing lists. A command injection vulnerability exists in GNU Mailman. The vulnerability stems from a failure to properly filter shell metacharacters in the subject line of an email message. An attacke...

8.1 CVSS | 8.1 AI score | 0.00474 EPSS
Exploits: 2 | References: 5

BDU FSTEC
added 2025/04/19 12:0 a.m. | 4 views

A vulnerability in the setUploadUserData() function in the firmware for TOTOLINK CA300-PoE allows a hacker to execute arbitrary commands.

The vulnerability in the setUploadUserData function in the TOTOLINK CA300-PoE router’s firmware is related to the lack of measures taken at the control level during the processing of the FileName parameter. Exploiting this vulnerability allows an attacker operating remotely to...

10 CVSS | 8.1 AI score | 0.01799 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/04/18 12:0 a.m. | 7 views

CVE-2025-29209

TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter of the sub_41105C function of cstecgi.cgi...

7.5 AI score | 0.00909 EPSS
Exploits: 1 | References: 1

CVE
added 2025/04/18 12:0 a.m. | 52 views

CVE-2025-29209

CVE-2025-29209 affects TOTOLINK X18 (version 9.1.0cu.2024_B20220329). The vulnerability is an unauthorized arbitrary command execution in the enable parameter of the sub_41105C function in cstecgi.cgi. Multiple sources corroborate the issue and describe it as a high-severity, network-based vulner...

9.8 CVSS | 7.3 AI score | 0.00909 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/04/17 9:10 p.m. | 12 views

CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

9.3 CVSS | 8.3 AI score | 0.19976 EPSS
Exploits: 4 | References: 1

Cvelist
added 2025/04/17 2:58 p.m. | 15 views

CVE-2025-3651 Command Injection in iManage Work Desktop for Mac's Agent Service

Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33...

9.3 CVSS | 0.00226 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/17 2:49 a.m. | 23 views

CVE-2024-50960

A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 =3.01, SMP 351 =2.16, SMP 352 = 2.16, and SME 211 = 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system...

7.2 CVSS | 7.3 AI score | 0.02242 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/04/17 2:45 a.m. | 10 views

CVE-2024-44843

An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands via supplying crafted OCPP requests...

5.9 CVSS | 7.8 AI score | 0.0038 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/04/17 12:0 a.m. | 5 views

iManage Work Desktop for Mac Security Vulnerability

iManage Work Desktop for Mac is an application from iManage, Inc. A security vulnerability exists in iManage Work Desktop for Mac versions 10.8.1.46 and earlier, which stems from improper authentication of the source of a communication channel and could result in the execution of arbitrary comman...

9.3 CVSS | 7.2 AI score | 0.00226 EPSS
Exploits: 0 | References: 1

OSV
added 2025/04/16 9:15 p.m. | 23 views

CVE-2024-55372

Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...

9.8 CVSS | 7.8 AI score | 0.00507 EPSS
Exploits: 2 | References: 1

NVD
added 2025/04/16 9:15 p.m. | 8 views

CVE-2024-55372

Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...

9.8 CVSS | 0.00507 EPSS
Exploits: 1 | References: 1

NVD
added 2025/04/16 9:15 p.m. | 10 views

CVE-2024-55371

Wallos = 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an authenticated attacker being an administrator is not...

9.8 CVSS | 0.00493 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/04/16 4:16 p.m. | 9 views

CVE-2025-20236 Cisco Webex App Client-Side Remote Code Execution Vulnerability

A vulnerability in the custom URL parser of Cisco Webex App could allow an unauthenticated, remote attacker to persuade a user to download arbitrary files, which could allow the attacker to execute arbitrary commands on the host of the targeted user. This vulnerability is due to insufficient inpu...

8.8 CVSS | 9 AI score | 0.00908 EPSS
Exploits: 0 | References: 1