7638 matches found
Yifan YF325 Buffer Error Vulnerability
Yifan YF325 is a wireless router from Yifan. A security vulnerability exists in Yifan YF325 v1.020221108. An attacker can exploit this vulnerability to execute arbitrary commands...
Yifan YF325 httpd nvram.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1762: Yifan YF325 httpd nvram.cgi authentication bypass vulnerability. October 11, 2023. CVE Number: CVE-2023-24479. Summary: An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...
Sangfor Next-Gen Application Firewall Operating System Command Injection Vulnerability
Sangfor Next-Gen Application Firewall (NGAF) is an application firewall from China-based Sangfor. An operating system command injection vulnerability exists in Sangfor Next-Gen Application Firewall NGAF version 8.0.17. The vulnerability can be...
A vulnerability in WS_FTP Server, related to improper restriction of a path name to a restricted directory, allows attackers to circumvent security restrictions, gain unauthorized read, modify, or delete access to data, and execute arbitrary commands.
The vulnerability in WS_FTP Server is related to improper restriction of a path name to a restricted directory. Exploiting this vulnerability allows an attacker to bypass security restrictions, gain unauthorized read, edit, or delete access to data, and execute arbitrary commands...
A vulnerability in the Cisco Emergency Responder management and monitoring server, related to the use of hard-coded credentials, allows an attacker to execute arbitrary code with root privileges.
The vulnerability in Cisco Emergency Responder, a server for managing and monitoring emergency calls, lies in the use of hard-coded credentials. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...
A vulnerability in the wloggui interface of the Control Web Panel (CWP) application (formerly CentOS Web Panel) allows a malicious user to escalate their privileges and execute arbitrary commands.
The vulnerability in the wloggui interface of the Control Web Panel (CWP) application (formerly CentOS Web Panel) is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary commands...
Dell SmartFabric Storage Software Operating System Command Injection Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands...
Dell SmartFabric Storage Software Access Control Error Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software suffers from an Access Control Error vulnerability that stems from an incorrect access control vulnerability contained in the CLI. An attacker could exploit this...
Newsletter Lite < 4.9.3 - Admin+ Command Injection
Description: The plugin does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. 1. Navigate to "Newsletters Configuration History & Emails Configuration"...
Dell SmartFabric Storage Software Operating System Command Injection Vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. Dell SmartFabric Storage Software suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
A vulnerability in the web interface of the Cisco IOS XE operating system allows an attacker to execute arbitrary commands.
The vulnerability in the Cisco IOS XE operating system's web interface is related to a failure to sanitize data at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in the use of dangerous methods or functions, allowing a malicious actor to execute arbitrary commands with privileges of NETWORK SERVICE.
The vulnerability of the SolarWinds Orion Platform’s network monitoring software is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a hacker to execute arbitrary commands with privileges of NETWORK SERVICE...
A vulnerability in the /sysmanage/updateos.php script of the D-Link DAR-7000 router's firmware allows an attacker to execute arbitrary commands.
The vulnerability in the /sysmanage/updateos.php script of the D-Link DAR-7000 router's firmware is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
OESA-2023-1694 ctags security update
Ctags generates an index or tag file of language objects found in source files that allows these items to be quickly and easily located by a text editor or other utility. A tag signifies a language object for which an index entry is available or, alternatively, the index entry created for that...
OESA-2023-1693 ctags security update
Ctags generates an index or tag file of language objects found in source files that allows these items to be quickly and easily located by a text editor or other utility. A tag signifies a language object for which an index entry is available or, alternatively, the index entry created for that...
A vulnerability in the D-LINK DIR-806 wireless router's firmware arises from a failure to sanitize data at the control level, allowing attackers to execute arbitrary commands.
The vulnerability in the D-LINK DIR-806 wireless router's firmware is related to a failure to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
GHSA-9JFQ-54VC-9RR2 Foreman Transpilation Enables OS Command Injection
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...
Command injection
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...
CVE-2022-3874 OS command injection via ct_command and fcct_command
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...