D-Link DIR-845 安全漏洞

The D-Link DIR-845L is a wireless router from China-based AUO D-Link. The D-Link DIR-845L suffers from a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on the system by sending a specially crafted request...

Linksys E5600 安全漏洞

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A command injection vulnerability exists in the Linksys E5600 v1.1.0.26, which stems from the failure of the PinCode parameter of the /API/info form endpoint to properly filter constructed command special characters...

CVE-2024-33793

netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page...

NETGEAR RAX30 安全漏洞

The NETGEAR RAX30 is a wireless router from NETGEAR. The NETGEAR RAX30 suffers from a command injection vulnerability that stems from a command injection vulnerability when processing UPnP port mapping requests, which can be exploited by an attacker to execute arbitrary commands...

PT-2024-25484 · Netis Systems · Netis-Systems Mex605

Name of the Vulnerable Software and Affected Versions: netis-systems MEX605 version 2.00.06 Description: The issue allows attackers to execute arbitrary OS commands via a crafted payload to the "ping test page". Recommendations: For netis-systems MEX605 version 2.00.06, consider restricting acces...

CVE-2024-33792

netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page...

The vulnerability of the svc_topstats utility in the operating environment for managing and maintaining data storage in the Dell Unity Operating Environment allows a perpetrator to execute arbitrary commands.

The vulnerability of the svctopstats utility in the operating environment for managing and maintaining data storage in the Dell Unity Operating Environment exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerabilit...

The vulnerability of the svc_cava utility in the operating system for managing and maintaining data storage in the Dell Unity Operating Environment allows a perpetrator to execute arbitrary commands.

The vulnerability of the svccav utility in the operating system responsible for managing and maintaining data storage in the Dell Unity Operating Environment exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this...

Mitel 6800 SIP 和 6900 SIP 安全漏洞

Mitel 6800 SIP and Mitel 6900 SIP are both products of Mitel Canada.Mitel 6800 SIP is a 6800 SIP series IP phone.Mitel 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the Mitel 6800 SIP and 6900 SIP that stems from insufficient boundary checking, and successful...

IBM WebSphere Automation 安全漏洞

IBM WebSphere Automation is an operations platform from International Business Machines IBM. automates operational activities to proactively reduce security risks and accelerate threat remediation. A security vulnerability exists in IBM WebSphere Automation version 1.7.0, which stems from imprope...

PT-2024-10976 · Oxwall · Oxwall

Name of the Vulnerable Software and Affected Versions: Oxwall version 1.8.7 Description: The issue allows an attacker to execute arbitrary commands via Phar deserialization or internal API server or via the url parameter. Recommendations: For Oxwall version 1.8.7, update to a version that fixes...

USN-6756-1 less vulnerability

It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host...

CVE-2024-1874

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

HGiga iSherlock 操作系统命令注入漏洞

HGiga iSherlock is a series of software products from China's HGiga Technology HGiga Company. HGiga iSherlock has an operating system command injection vulnerability, which originates from an operating system command injection vulnerability in the system configuration interface. An attacker can...

The vulnerability of the FortiSandbox threat detection and mitigation system arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the FortiSandbox threat detection and mitigation system exists because measures are not taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially...

The vulnerability of the FortiSandbox threat detection and mitigation system arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the FortiSandbox threat detection and mitigation system exists because measures are not taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially...

The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system allows a hacker to execute arbitrary commands on behalf of the dbus user.

The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a malicious acto...

The vulnerability of the getAudioMetadata method of the com.webos.service.attachedstoragemanager service in the LG WebOS operating system allows a hacker to execute arbitrary commands.

The vulnerability of the getAudioMetadata method in the com.webos.service.attachedstoragemanager service of the LG WebOS operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a...

Tenda AC7 Command Injection Vulnerability

Tenda AC7 is a 1200M dual-band wireless router designed for large households by Tenda Technology, which adopts the 802.11ac standard and supports dual-band concurrent transmission with a wireless rate of up to 1167Mbps. Tenda AC7 suffers from a command injection vulnerability that stems from the...

Tenda W30E Command Injection Vulnerability

Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro business offices and small store networking, supporting Wi-Fi 6 technology. The Tenda W30E suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failin...