7633 matches found

BDU FSTEC
added 2024/04/03 12:0 a.m. · 3 views

A vulnerability in the user interface of the Edge Router firmware for devices in the VMware SD-WAN Edge and VMware SD-WAN Orchestrator software platform for managing software-defined networks allows an attacker to execute arbitrary commands.

The vulnerability in the Edge Router user interface of the firmware in VMware SD-WAN Edge and the VMware SD-WAN Orchestrator platform for managing software-defined networks is caused by a failure to neutralize special elements used in operating system commands...

7.4 CVSS · 7.5 AI score · 0.00411 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/04/02 12:0 a.m. · 4 views

A vulnerability in the command-line interface (CLI) of Cisco IOS XE operating systems that allows an attacker to execute arbitrary commands with root privileges

The vulnerability in the command-line interface (CLI) of Cisco IOS XE operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...

6.2 CVSS · 5.9 AI score · 0.00188 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/04/01 8:15 p.m. · 4 views

CVE-2024-29433

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data...

9.8 CVSS · 6 AI score · 0.00833 EPSS
Exploits 0 · References 1
CNNVD
added 2024/04/01 12:0 a.m. · 4 views

ALLDATA Security Vulnerability

ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version v0.4.6 that stems from allowing an attacker to run arbitrary commands via the processId...

4.1 CVSS · 6.9 AI score · 0.00288 EPSS
Exploits 0 · References 2
0day.today
added 2024/04/01 12:0 a.m. · 206 views

FoF Pretty Mail 1.1.2 Command Injection Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...

7.4 AI score
Exploits 0
CNVD
added 2024/04/01 12:0 a.m. · 8 views

Dell vApp Manager Operating System Command Injection Vulnerability

Dell vApp Manager is a virtual application manager from Dell USA. An operating system command injection vulnerability exists in Dell vApp Manager versions prior to 9.2.4.9, which can be exploited by an attacker to execute arbitrary commands on the system...

8.8 CVSS · 8 AI score · 0.01437 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/01 12:0 a.m. · 3 views

PT-2024-22895 · Alldata · Alldata

Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: An issue in Alldata allows an attacker to run arbitrary commands via the processId parameter. Recommendations: For Alldata version 0.4.6, avoid using the processId parameter until a fix is available. As a...

4.1 CVSS · 6.9 AI score · 0.00288 EPSS
Exploits 0 · References 6
Packet Storm
added 2024/03/29 12:0 a.m. · 280 views

FoF Pretty Mail 1.1.2 Command Injection

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...

7.4 AI score
Exploits 0
NVD
added 2024/03/28 1:15 a.m. · 13 views

CVE-2024-28007

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,...

9.8 CVSS · 7.3 AI score · 0.0065 EPSS
Exploits 0 · References 2
NVD
added 2024/03/28 1:15 a.m. · 12 views

CVE-2024-28012

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,...

9.8 CVSS · 7.3 AI score · 0.00743 EPSS
Exploits 0 · References 2
NVD
added 2024/03/28 1:15 a.m. · 10 views

CVE-2024-28014

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800H...

9.8 CVSS · 7 AI score · 0.00689 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/03/28 12:52 a.m. · 10 views

CVE-2024-28007

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,...

7.8 AI score · 0.0065 EPSS
Exploits 0 · References 1
Cvelist
added 2024/03/28 12:52 a.m. · 14 views

CVE-2024-28007

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,...

7.5 AI score · 0.0065 EPSS
Exploits 0 · References 1
CNNVD
added 2024/03/28 12:0 a.m. · 4 views

TP-LINK AX1500 Operating System Command Injection Vulnerability

The TP-LINK AX1500 is a modem from China P&L TP-LINK. The TP-LINK AX1500 suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacker to cause arbitrary...

9.8 CVSS · 7.8 AI score · 0.01441 EPSS
Exploits 0 · References 2
CNNVD
added 2024/03/28 12:0 a.m. · 4 views

NEC Aterm Security Vulnerability

The NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that originates from allowing an attacker to execute arbitrary commands with root privileges over the Internet. The following products and versions are affected: WG1800HP4,...

9.8 CVSS · 8.8 AI score · 0.0065 EPSS
Exploits 0 · References 2
CNVD
added 2024/03/26 12:0 a.m. · 7 views

D-Link DIR-845L Command Injection Vulnerability

The D-Link DIR-845 is a wireless router from China-based AUO D-Link. A command injection vulnerability exists in D-Link DIR-845L v1.01KRb03 and earlier versions, which stems from a failure to properly filter special characters, commands, etc. used to construct commands in the cgibin binaries. An attacker can...

8.8 CVSS · 7.4 AI score · 0.02408 EPSS
Exploits 1 · References 1
Japan Vulnerability Notes
added 2024/03/25 8:28 a.m. · 2 views

Multiple vulnerabilities in home gateway HGW BL1500HM

Overview: Home gateway HGW BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below. Use of weak credentials (CWE-1391): CVE-2024-21865, CVE-2024-29071. Command injection (CWE-77): CVE-2024-28041. Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC...

8.8 CVSS · 7.9 AI score · 0.0062 EPSS
Exploits 0 · References 7
NVD
added 2024/03/25 4:15 a.m. · 14 views

CVE-2024-28041

HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command...

8.8 CVSS · 7 AI score · 0.0062 EPSS
Exploits 0 · References 3
Rapid7 Blog
added 2024/03/22 4:36 p.m. · 29 views

Metasploit Weekly Wrap-Up 03/22/2024

New module content 1 OpenNMS Horizon Authenticated RCE Author: Erik Wynter Type: Exploit Pull request: 18618 contributed by ErikWynter Path: linux/http/opennmshorizonauthenticatedrce AttackerKB reference: CVE-2023-0872 Description: This module exploits built-in functionality in OpenNMS Horizon in...

5.2 CVSS · 8.3 AI score · 0.02951 EPSS
Exploits 3
CNNVD
added 2024/03/22 12:0 a.m. · 2 views

D-Link DIR-845L Security Vulnerability

The D-Link DIR-845 is a wireless router from China-based AUO D-Link. A command injection vulnerability exists in D-Link DIR-845L v1.01KRb03 and earlier versions, which stems from a failure to properly filter special characters, commands, etc. used to construct commands in the cgibin binaries. An attacker can...

8.8 CVSS · 7.8 AI score · 0.02408 EPSS
Exploits 1 · References 3