Lucene search

7632 matches found

CNNVD
added 2024/08/13 12:0 a.m., 4 views

Mitel 6800 Series, 6900 Series and 6900w Series Security Vulnerability

Mitel 6800 Series and others are a series of phones from Mitel Canada. A security vulnerability exists in the Mitel 6800 Series, 6900 Series, and 6900w Series that stems from an insufficient parameter cleanup vulnerability that allows an attacker to conduct a parameter injection attack, which cou...

CVSS 6.8, AI score 7.7, EPSS 0.00549
Exploits 0, References 3
ATTACKERKB
added 2024/08/12 1:38 p.m., 4 views

CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...

CVSS 7.2, AI score 6, EPSS 0.01807
In wild, Exploits 0, References 3
OSV
added 2024/08/12 1:38 p.m., 5 views

CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...

CVSS 7.2, AI score 6, EPSS 0.01807
Exploits 0, References 3
Vulnrichment
added 2024/08/12 12:0 a.m., 12 views

CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 R6.4.0.136 could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter...

AI score 8, EPSS 0.41201
Exploits 3, References 3
Cvelist
added 2024/08/12 12:0 a.m., 20 views

CVE-2024-41710

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 R6.4.0.136 could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter...

EPSS 0.41201
Exploits 3, References 3
CNNVD
added 2024/08/12 12:0 a.m., 3 views

TOTOLINK X5000R OS Command Injection Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R setModifyVpnUser method, which can be exploited by an attacker to execute arbitrary commands...

CVSS 8.8, AI score 8, EPSS 0.01661
Exploits 1, References 2
CNNVD
added 2024/08/12 12:0 a.m., 4 views

TOTOLINK X5000R OS Command Injection Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setSyslogCfg method of /cgi-bin/cstecgi.cgi failing to properly filter construct command special...

CVSS 8.8, AI score 7.7, EPSS 0.01647
Exploits 1, References 2
CNNVD
added 2024/08/12 12:0 a.m., 2 views

TOTOLINK X5000R Security Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setWanIeCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special...

CVSS 8.8, AI score 7.7, EPSS 0.01049
Exploits 1, References 2
CVE
added 2024/08/12 12:0 a.m., 211 views

CVE-2024-41710

The CVE-2024-41710 issue affects Mitel 6800/6900/6900w Series SIP Phones (including the 6970 Conference Unit) up to version R6.4.0.HF1 (R6.4.0.136). It stems from insufficient parameter sanitization during boot, allowing an authenticated attacker with administrative privileges to perform an argum...

CVSS 7.2, AI score 7.8, EPSS 0.41201
In wild, Exploits 3, References 4, Affected Software 1
BDU FSTEC
added 2024/08/07 12:0 a.m., 2 views

The vulnerability of SysAid’s software for supporting and controlling hardware and software systems lies in the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability of the software used for supporting and controlling hardware and software systems of SysAid is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

CVSS 9.1, AI score 6.3, EPSS 0.01101
Exploits 0, References 4, Affected Software 1
IBM Security Bulletins
added 2024/08/06 9:28 p.m., 23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to less atarbitrary command execution vulnerability [CVE-2024-32487]

Summary Potential less atarbitrary command execution vulnerability CVE-2024-32487 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-32487...

CVSS 8.6, AI score 8.9, EPSS 0.00628
Exploits 0, Affected Software 1
OSV
added 2024/08/05 9:29 p.m., 13 views

GHSA-QGJ8-G9Q4-7F2P gotortc vulnerable to Cross-Site Request Forgery

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...

CVSS 8.8, AI score 9, EPSS 0.00471
Exploits 1, References 4
Github Security Blog
added 2024/08/05 9:29 p.m., 20 views

gotortc vulnerable to Cross-Site Request Forgery

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...

CVSS 8.8, AI score 7.4, EPSS 0.00471
Exploits 1, References 4, Affected Software 1
GitLab Advisory Database
added 2024/08/05 12:0 a.m., 14 views

gotortc vulnerable to Cross-Site Request Forgery

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...

CVSS 8.8, AI score 7.4, EPSS 0.00471
Exploits 1, References 5, Affected Software 1
CNVD
added 2024/08/02 12:0 a.m., 7 views

TOTOLINK LR350 Command Injection Vulnerability

TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK LR350 version 9.3.5u.6369B20220309, which originates from the hostName parameter in the setWanCfg function of the /cgi-bin/cstecgi.cgi page that fails to correctly...

CVSS 8.8, AI score 7.5, EPSS 0.03152
Exploits 1, References 1
CNVD
added 2024/08/02 12:0 a.m., 8 views

TOTOLINK LR1200GB Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK. The TOTOLINK LR1200GB version 9.3.1cu.2832 suffers from a command injection vulnerability that originates from the hosttime parameter in the NTPSyncWithHost function on the /cgi-bin/cstecgi.cgi pag...

CVSS 8.8, AI score 7.5, EPSS 0.03347
Exploits 1, References 1
ATTACKERKB
added 2024/08/01 2:15 a.m., 4 views

CVE-2024-34021

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution...

CVSS 6.8, AI score 5.6, EPSS 0.00367
Exploits 0, References 3, Affected Software 11
CNNVD
added 2024/07/30 12:0 a.m., 3 views

TOTOLINK LR1200GB Command Injection Vulnerability

The TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK. The TOTOLINK LR1200GB version 9.3.1cu.2832 suffers from a command injection vulnerability that originates from the hosttime parameter in the NTPSyncWithHost function on the /cgi-bin/cstecgi.cgi pag...

CVSS 8.8, AI score 7.8, EPSS 0.03347
Exploits 1, References 5
CNVD
added 2024/07/29 12:0 a.m., 5 views

Tenda FH1201 cmdinput Parameter Command Injection Vulnerability

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a command injection vulnerability, which originates from the cmdinput parameter at /goform/exeCommand failing to correctly filter constructed command special characters, commands, etc. This vulnerability can be...

CVSS 9.8, AI score 8.1, EPSS 0.04571
Exploits 0, References 1
CNVD
added 2024/07/26 12:0 a.m., 3 views

TOTOLINK A6000R apcli_do_enr_pin_wps function command injection vulnerability

TOTOLINK A6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A6000R suffers from a command injection vulnerability that stems from the ifname parameter in the apclidoenrpinwps function failing to properly filter construct command special characters, commands, and so o...

CVSS 6.8, AI score 7, EPSS 0.02118
Exploits 1, References 1