7633 matches found
CVE-2024-21782 BIG-IP and BIG-IQ secure copy vulnerability
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...
F5 BIG-IP and F5 BIG-IQ Security Vulnerabilities
F5 BIG-IP and F5 BIG-IQ are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ is a software-based cloud management solution. The solution supports the...
Vulnerability in the QuTS hero, QTS, and QuTScloud operating systems for network devices that allows attackers to execute arbitrary commands
The vulnerability in the QuTS hero, QTS, and QuTScloud operating systems for network devices is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
SAP IDES Operating System Command Injection Vulnerability
SAP IDES Systems is an interactive presentation and education system from SAP. A security vulnerability exists in SAP IDES Systems, which can be exploited by a remote attacker to submit a special request that can inject code to execute arbitrary code in the context of the application...
VulnCheck KEV: CVE-2023-7311
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The path parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device...
CVE-2023-49716
CVE-2023-49716 affects Emerson Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs. It allows an authenticated user with network access to run arbitrary commands from a remote computer due to command injection in the affected software/firmware (versions 4.1.5 and earlier per ICS/EMERSON a...
The vulnerability of the sprintf function in D-LINK GO-RT-AC750 router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the sprintf function in D-LINK GO-RT-AC750 router firmware is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of the PayDroid operating system arises from insufficient validation of input data, allowing attackers to execute arbitrary commands.
The vulnerability of the PayDroid operating system exists due to insufficient checks on input data. Exploiting this vulnerability allows a hacker to execute arbitrary commands...
UBUNTU-CVE-2024-20328
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file nam...
EulerOS 2.0 SP5 : python-pygments (EulerOS-SA-2024-1162)
According to the versions of the python-pygments package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The FontManager.getnixfontpath function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrar...
CVE-2023-43482
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Fortinet FortiSIEM Operating System Command Injection Vulnerability
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM suffers from an operating system command injection...
TOTOLINK A3300R setPortForwardRules Method Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the enable parameter of the setPortForwardRules method failing to correctly filter construct command specia...
TOTOLINK A3300R setWiFiAclRules method command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the desc parameter of the setWiFiAclRules method failing to correctly filter the construct command special...
TOTOLINK A3300R setParentalRules method command injection vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the enable parameter of the setParentalRules method failing to correctly filter construct command speci...
The vulnerability in the firmware management web interface of Zyxel NAS326 and NAS542 network storage devices allows an attacker to execute arbitrary commands.
The vulnerability in the firmware management web interface of Zyxel NAS326 and NAS542 network storage devices exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary comman...
TOTOLINK A3300R setUrlFilterRules Method Command Injection Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a command injection vulnerability that stems from the url parameter of the setUrlFilterRules method failing to...
CVE-2023-6078
An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution...
CVE-2023-6078 OS Command Injection vulnerability affecting BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023
An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution...