7632 matches found
MC Technologies MC LR Router OS command injection vulnerability
MC Technologies MC LR Router is a router from the German company MC Technologies. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the configuration upload function of the web interface and could...
PT-2024-22820 · Gocast · Gocast
Name of the Vulnerable Software and Affected Versions: GoCast version 1.1.3 Description: An OS command injection issue exists in the NAT parameter of GoCast. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger...
MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...
GoCast HTTP API lack of authentication vulnerability
Talos Vulnerability Report TALOS-2024-1962 GoCast HTTP API lack of authentication vulnerability November 21, 2024 CVE Number CVE-2024-21855 SUMMARY A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary...
The vulnerability in the admin_account.cgi script of Netgear R8500’s integrated routing software allows a hacker to execute arbitrary commands.
The vulnerability in the admin_account.cgi script of the Netgear R8500 router firmware exists due to the failure to neutralize special elements used in an operating system command when processing the sysNewPasswd parameter. Exploiting this vulnerability allows a malicious...
The vulnerability in the `usb_remote_smb_conf.cgi` script of NETGEAR R8500 router software allows a hacker to execute arbitrary commands.
The vulnerability in the usb_remote_smb_conf.cgi script of the NETGEAR R8500 router firmware lies in the lack of measures to neutralize special elements used in an operating system command when processing the sharename parameter. Exploiting this vulnerability allows a remote attacker...
AZL-53397 CVE-2024-10224 affecting package perl-Module-ScanDeps for versions less than 1.35-3
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...
CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
[SECURITY] [DLA 3958-1] libmodule-scandeps-perl security update
Debian LTS Advisory DLA-3958-1 [email protected] https://www.debian.org/lts/security/ Salvatore Bonaccorso November 19, 2024 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 5816-1] libmodule-scandeps-perl security update
Debian Security Advisory DSA-5816-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 19, 2024 https://www.debian.org/security/faq -...
The vulnerability in the password.cgi script of Netgear R8500 router software allows a hacker to execute arbitrary commands.
The vulnerability in the password.cgi script of the Netgear R8500 router firmware exists due to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by...
Debian dsa-5816 : libmodule-scandeps-perl - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5816 advisory. Debian Security Advisory DSA-5816-1 [email protected] https://www.debian.org/security/...
CVE-2024-50919
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution...
CVE-2024-50919
CVE-2024-50919 affects Jpress prior to v5.1.1 on Windows, where arbitrary file uploads (including non-standard formats like .jsp) can lead to arbitrary command execution. The issue is described as a critical impact (CVSS 9.8; NETWORK vector, user interaction: none). Exploitation details are not p...
The vulnerability of the SmartFabric OS10 network operating system, related to deficiencies in access control, allows an intruder to execute arbitrary commands.
The vulnerability of the SmartFabric OS10 network operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
Tenda G3 formSetUSBPartitionUmount function command injection vulnerability
Tenda G3 is a QoS VPN router from Tenda China. Tenda G3 suffers from a command injection vulnerability, which stems from the formSetUSBPartitionUmount function failing to properly filter special characters, commands, etc. when constructing commands. The vulnerability can be exploited to execute arbitrary...
Tenda G3 formSetDebugCfg function command injection vulnerability
Tenda G3 is a QoS VPN router from Tenda China. Tenda G3 suffers from a command injection vulnerability, which stems from the formSetDebugCfg function failing to properly filter special characters, commands, etc. when constructing commands. The vulnerability can be exploited to execute arbitrary commands...
D-Link DSL6740C OS Command Injection Vulnerability (CNVD-2024-45428)
The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. The D-Link DSL6740C suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
The vulnerability in the firmware of D-Link DSL-2640U and DSL-2540U routers lies in the lack of measures to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability in the firmware of D-Link DSL-2640U and DSL-2540U routers lies in the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands using metasymbols within the...