7632 matches found
CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...
CVE-2024-28892
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28892
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-29224
An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28026
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-21855
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-28892
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28892
CVE-2024-28892 : A command-injection flaw exists in the name parameter of GoCast 1.1.3 (github.com/mayuresh82/gocast). A specially crafted, unauthenticated HTTP request can cause arbitrary command execution on the server. Documented as a network‑proximate vulnerability with high impact across con...
CVE-2024-28892
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-21855
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-21855
CVE-2024-21855 refers to a lack of authentication in GoCast 1.1.3’s HTTP API, allowing unauthenticated HTTP requests to trigger arbitrary command execution. Cisco Talos details show the API can register/unregister apps without auth, enabling full control over GoCast’s BGP-related functionality an...
CVE-2024-21855
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2024-28026
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-28025
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-11320
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through =777.4...
Apache HertzBeat Command Injection Vulnerability
Apache HertzBeat is a tool from the American company Apache Apache that can monitor various components. A command injection vulnerability exists in Apache HertzBeat versions prior to 1.6.1, which stems from the application's failure to properly filter constructed command special characters,...
GoCast 操作系统命令注入漏洞
GoCast is a tool for controlling BGP route announcements from the host by individual developer mayuresh82. An OS command injection vulnerability exists in GoCast version 1.1.3, which stems from OS command injection in NAT parameters and could lead to arbitrary command execution...
MC Technologies MC LR Router 操作系统命令注入漏洞
MC Technologies MC LR Router is a router from MC Technologies, Germany. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the I/O configuration function of the web interface, which could lead to...