7632 matches found
TP-LINK AC1350 and N300 Command Injection Vulnerability
The TP-LINK AC1350/N300 is a router from China P&L TP-LINK. The TP-LINK AC1350 and TP-LINK N300 suffer from a command injection vulnerability that stems from the tddpd enable_test_mode function failing to correctly filter constructed command special characters, commands, and so on. An attacker can...
Multiple vulnerabilities in a-blog cms
Overview a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in Entry editing pages CWE-79 - CVE-2024-30419 Server-side request forgery CWE-918 - CVE-2024-30420 Directory traversal CWE-22 - CVE-2024-31394 Stored cross-site...
NETGEAR R6850 c4-IPAddr Parameter Command Injection Vulnerability
The NETGEAR R6850 is a wireless router from NETGEAR. The NETGEAR R6850 suffers from a command injection vulnerability that stems from the c4-IPAddr parameter failing to properly filter constructed command special characters, commands, and so on. An attacker can exploit this vulnerability to cause...
NETGEAR R6850 ntp_server Parameter Command Injection Vulnerability
The NETGEAR R6850 is a wireless router from NETGEAR. The NETGEAR R6850 suffers from a command injection vulnerability that stems from the ntp_server parameter failing to properly filter constructed command special characters, commands, and so on. An attacker can exploit this vulnerability to cause...
CVE-2024-29269
CVE-2024-29269 affects Telesquare TLR-2005KSH routers (versions 1.0.0 and 1.1.4). The issue allows an attacker to execute arbitrary system commands via the Cmd parameter, enabling remote command execution and potential full device compromise. The connected sources describe the vulnerability as an...
CVE-2024-29269
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter...
csmock Security Vulnerability
csmock is an open-source csutils tool that automates scanning SRPMs with static analysis tools. A security vulnerability exists in csmock. An attacker exploited the vulnerability to execute arbitrary commands against OSH staff...
PT-2024-18641 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai versions prior to v2.10.0 Description: A command injection issue exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. T...
Multiple programming languages fail to escape arguments properly in Microsoft Windows
Overview Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Window...
CVE-2023-49134
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point EAP115 V4 v5.0.4 Build 20220216. A specially crafted series of network requests can lea...
CVE-2023-49133
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point EAP115 V4 v5.0.4 Build 20220216. A specially crafted series of network requests can lea...
CVE-2023-49134
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point EAP115 V4 v5.0.4 Build 20220216. A specially crafted series of network requests can lea...
CVE-2023-49134
The CVE-2023-49134 entry is associated with TP-Link AC1350 (EAP225 V3) and N300 (EAP115 V4) devices and is substantiated by TALOS-2023-1862. A command-execution vulnerability exists in the tddpd enable_test_mode function. When the TDDP service (UDP-based) is accessible during the initial runtime ...
CVE-2023-49134
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point EAP115 V4 v5.0.4 Build 20220216. A specially crafted series of network requests can lea...
CVE-2023-49133
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point EAP115 V4 v5.0.4 Build 20220216. A specially crafted series of network requests can lea...
CVE-2023-49133
The CVE-2023-49133 family affects TP-Link AC1350 (EAP225 V3) and N300 (EAP115 V4) devices via the tddpd enable_test_mode function exposed over the TP-Link Device Debug Protocol (TDDP). Talos documents a command-execution path: unauthenticated network requests trigger enable_test_mode, which can f...
TP-LINK AC1350 Command Injection Vulnerability
The TP-LINK AC1350/N300 is a router from China P&L TP-LINK. The TP-LINK AC1350 and TP-LINK N300 suffer from a command injection vulnerability that stems from the tddpd enable_test_mode function failing to correctly filter constructed command special characters, commands, and so on. An attacker can...
TP-LINK AC1350 Command Injection Vulnerability
The TP-LINK AC1350/N300 is a router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK AC1350/N300, which can be exploited by an attacker to cause arbitrary commands to be executed via a series of specially crafted network requests...
PT-2024-13917 · Hcl · Hcl Dryice Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL DRYiCE MyXalytics affected versions not specified Description: The issue is related to an insecure SQL interface, which could allow an attacker to execute custom SQL queries, including modifying system configurations. A malicious user can...
The vulnerability of the JuiceFSRuntime orchestrator environment for distributed data sets and the open-source Kubernetes accelerator for applications with intensive data processing in Fluid allows attackers to execute arbitrary commands.
The vulnerability of the JuiceFSRuntime orchestrator for distributed data sets and the open-source Kubernetes accelerator for applications with intensive data processing exists due to the lack of measures taken to eliminate special elements used in the operating system command set. Exploiting thi...