AIX is vulnerable to arbitrary command execution due to invscout
IBM SECURITY ADVISORY First Issued: Thu Nov 30 10:49:53 CST 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscoutadvisory5.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout CVE-2023-45168...
TOTOLINK X6000R security vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK X6000R version V9.4.0cu.852B20230719, which stems from the failure of the formEnable parameter of the sub4119A0 function to correctly filter the construct command...
PT-2023-7631 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version V9.4.0cu.852 B20230719 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands. The sub 4119...
A vulnerability in the firmware of Quantum HD Unity Compressor, Quantum HD Unity AcuAir, Quantum HD Unity, Quantum HD Unity Engine Room, and Quantum HD Unity Interface allows an attacker to execute arbitrary commands.
The vulnerability in the firmware of Quantum HD Unity Compressor, Quantum HD Unity AcuAir, Quantum HD Unity, Quantum HD Unity Engine Room, and Quantum HD Unity Interface exists due to the improper activation of debugging modes for certain services. Exploiting this vulnerability allow...
CVE-2023-48646
Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings...
CVE-2023-6157 Livestatus injection in ajax_search
Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, 2.1.0p37, and 2.2.0p15 allows arbitrary livestatus command execution for authorized users...
PT-2023-32548 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.0.0p39 Checkmk versions prior to 2.1.0p37 Checkmk versions prior to 2.2.0p15 Description: The issue is related to the improper neutralization of livestatus command delimiters in the availability timeline, allowing...
CVE-2023-39544
CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command...
CVE-2023-39545
CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command...
Command injection
CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command...
CVE-2023-39548
Summary of CVE-2023-39548: NEC's CLUSTERPRO X and EXPRESSCLUSTER X (including SingleServerSafe variants) versions 5.1 and earlier are affected. Affects the Web/UI login flow, enabling an attacker who can access the product to log in and may execute arbitrary commands after authentication. Public...
CVE-2023-39547
CVE-2023-39547 affects NEC CLUSTERPRO X/EXPRESSCLUSTER X products: CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, and their SingleServerSafe variants (5.1 and earlier). The root issue is an authentication bypass that allows an attacker who can log in to the product to execute a...
CVE-2023-39546
CLUSTERPRO X Ver5.1 and earlier, EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, and EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command...
CVE-2023-39546
CVE-2023-39546 affects NEC EXPRESSCLUSTER X and CLUSTERPRO X products (including SingleServerSafe) version 5.1 and earlier. The vulnerability allows an authenticated attacker to log in and may execute an arbitrary command on the affected WebUI/WebManager interfaces, as described across multiple s...
CVE-2023-39544
CVE-2023-39544 affects NEC EXPRESSCLUSTER X and CLUSTERPRO X families (including SingleServerSafe variants) versions 5.1 and earlier. The vulnerability enables an attacker who can log in to the product to execute arbitrary commands on the affected system. Public reports from multiple sources corr...