7632 matches found
CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...
D-Link DI-8003 Command Injection Vulnerability
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. A command injection vulnerability exists in the D-Link DI-8003 version 16.07.16A1, which stems from the parameter path in the file /upgradefilter.asp failing to correctly filter constructed command special characters, commands, et...
TOTOLINK X18 Command Injection Vulnerability
TOTOLINK X18 is a mesh router system from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X18 version 9.1.0cu.2024B20220329, which stems from the enable parameter in the /cgi-bin/cstecgi.cgi page failing to correctly filter constructed command special...
Tenda G3 Command Injection Vulnerability
Tenda G3 is a QoS VPN router from Tenda China. Tenda G3 suffers from a command injection vulnerability, which stems from the formSetUSBPartitionUmount function failing to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited to execute arbitrary...
The vulnerability of Juniper Networks’ Junos Space network resource management platform, related to the failure to cleanse input data at the control level, allows attackers to execute arbitrary commands.
The vulnerability of the Juniper Networks Junos Space network resource management platform lies in the lack of measures taken to sanitize input data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted requests...
CyberPanel upgrademysqlstatus Arbitrary Command Execution
import httpx import sys def getCSRFtokenclient: resp = client.get"/" return resp.cookies'csrftoken' def pwnclient, CSRFtoken, cmd: headers = "X-CSRFToken": CSRFtoken, "Content-Type":"application/json", "Referer": strclient.baseurl payload = '"statusfile":"/dev/null; %s; ","csrftoken":"%s"' % cmd,...
NETGEAR XR300 genie_dyn.cgi component command injection vulnerability
The NETGEAR XR300 is a wireless router from NETGEAR. A command injection vulnerability exists in NETGEAR XR300 v1.0.3.78, which stems from the systemname parameter in the genie_dyn.cgi component failing to properly filter constructed command special characters, commands, and so on. An attacker cou...
Tenda AC6 Command Injection Vulnerability (CNVD-2024-44861)
The Tenda AC6 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC6 version 15.03.05.19, which stems from the parameter The failing to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited to...
NETGEAR XR300 wiz_dyn.cgi component command injection vulnerability
The NETGEAR XR300 is a wireless router from NETGEAR. NETGEAR XR300 version v1.0.3.78 suffers from a command injection vulnerability that stems from the systemname parameter in the wiz_dyn.cgi component failing to properly filter constructed command special characters, commands, and so on. An...
NETGEAR R8500 genie_fix2.cgi Component Command Injection Vulnerability
The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the genie_fix2.cgi component failing to correctly filter constructed command special characters, commands, and so on. An...
NETGEAR R8500 bsw_fix.cgi Component Command Injection Vulnerability
The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the bsw_fix.cgi component failing to correctly filter constructed command special characters, commands, and so on. An attacker...
NETGEAR R8500 admin_account.cgi Component Command Injection Vulnerability
The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the sysNewPasswd parameter in the admin_account.cgi component failing to correctly filter constructed command special characters, commands, and so on. An...
NETGEAR R7000P Command Injection Vulnerability
The NETGEAR R7000P is a wireless router from NETGEAR. A command injection vulnerability exists in NETGEAR R7000P v1.3.3.154, which stems from the devicename2 parameter in the operationmode.cgi component failing to correctly filter constructed command special characters, commands, and so on. An...
D-Link DIR-823G SetWanSettings Function Command Injection Vulnerability
The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G version 1.0.2B05 suffers from a command injection vulnerability that stems from the HostName parameter in the SetWanSettings function failing to properly filter constructed command special characters, commands,...
TOTOLINK X18 Command Injection Vulnerability
TOTOLINK X18 is a mesh router system from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X18 version 9.1.0cu.2024B20220329, which stems from the enable parameter in the /cgi-bin/cstecgi.cgi page failing to correctly filter constructed command special...
The vulnerability of the user interface of the TwinCAT Package Manager allows a hacker to execute arbitrary commands.
The vulnerability of the TwinCAT Package Manager’s user interface is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
CVE-2023-29120
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system...
NETGEAR R8500 Security Vulnerability
The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the sysNewPasswd parameter in the admin_account.cgi component failing to correctly filter constructed command special characters, commands, and so on. An...
NETGEAR R8500 Security Vulnerability
The NETGEAR R8500 is a wireless router from NETGEAR. A command injection vulnerability exists in the NETGEAR R8500 v1.0.2.160, which stems from the wangateway parameter in the bsw_fix.cgi component failing to correctly filter constructed command special characters, commands, and so on. An attacker...
CVE-2024-51246
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function...