Juplink RX4-1500 Command Injection Vulnerability
Juplink RX4-1500 is a wireless router from Juplink. A security vulnerability exists in the Juplink RX4-1500 Wifi router that originates from a command injection vulnerability in the homemng.htm endpoint. An attacker can exploit the vulnerability by sending a specially crafted request to execute...
A vulnerability in the firmware of Advantech EKI-1524, EKI-1522, and EKI-1521 allows an attacker to execute arbitrary commands.
The vulnerability in the firmware of the Advantech EKI-1524, EKI-1522, and EKI-1521 serial interface servers exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to...
D-LINK DWL-6610 Command Injection Vulnerability
The D-Link DWL-6610 is a wireless access point from D-Link. A security vulnerability exists in the D-LINK DWL-6610, which originates from a command injection vulnerability in the function pcapdownloadhandler. An attacker can use this vulnerability to execute arbitrary commands via the...
CVE-2023-41179
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One on-prem and SaaS, Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that a...
CVE-2023-35850
SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations...
ASUS RT-AX55 Command Injection Vulnerability
The ASUS RT-AX55 is a dual-band Wi-Fi router from the Chinese company ASUS. A command injection vulnerability exists in ASUS RT-AX55 version v3.0.0.4.386.51598, which stems from the application failing to properly filter special characters, commands, etc. used to construct commands. An attacker can exploit...
CVE-2023-23840
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...
CVE-2023-23845 SolarWinds Platform Exposed Dangerous Method Vulnerability
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...
SolarWinds Platform Security Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A security vulnerability exists in SolarWinds Platform that originates from allowing a user with administrative privileges to the SolarWinds Web console to execute arbitrar...
Microsoft Windows Multiple Vulnerabilities (KB5030211)
This host is missing an important security update according to Microsoft KB5030211...
The vulnerability of the Apache Hadoop distributed development and execution platform, related to privilege management errors, allows a perpetrator to execute arbitrary commands with superuser privileges.
The vulnerability of the Apache Hadoop distributed development and execution platform is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with superuser privileges remotely...
Oracle Linux 8 : firefox (ELSA-2020-0820)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0820 advisory. 68.6.0-1.0.1.el81 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red...
CVE-2023-41149
F-RevoCRM version 7.3.7 and version 7.3.8 contain an OS command injection vulnerability. If this vulnerability is exploited, an attacker who can access the product may execute an arbitrary OS command on the server where the product is running...
CVE-2023-40531
Archer AX6000 firmware versions prior to 'Archer AX6000JPV11.3.0 Build 20221208' allow a network-adjacent authenticated attacker to execute arbitrary OS commands...
D-Link DAR-8000 OS Command Injection Vulnerability
D-Link DAR-8000 is the Internet Behavior Audit Gateway from China AUO D-Link. The D-Link DAR-8000-10 suffers from an operating system command injection vulnerability that originates from the file parameter of /log/decodmail.php failing to correctly filter special characters used to construct commands,...
Thinkreed F-RevoCRM Operating System Command Injection Vulnerability
Thinkreed F-RevoCRM is an open source customer relationship management software from Thinkreed Japan. A security vulnerability exists in Thinkreed F-RevoCRM that stems from the ability to execute any command on the operating system where F-RevoCRM operates...
The vulnerability of the Python library for interacting with git repositories, GitPython, allows a hacker to execute arbitrary commands.
The vulnerability of the Python library for interacting with git repositories, GitPython, is related to the use of an untrusted search path. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the btm_ble_gap.cc component in the Android operating system allows a hacker to execute arbitrary commands and gain access to information.
The vulnerability of the btm_ble_gap.cc component in the Android operating system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary commands and gain access to sensitive information...
The vulnerability of the MXSecurity software platform for managing security in industrial networks lies in its failure to protect the SQL query structure. This allows attackers to execute arbitrary commands and gain unauthorized access to protected information.
The vulnerability of the MXSecurity software platform for managing security in industrial networks stems from the lack of protective measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and gain unauthorized access to protected...
CVE-2023-1523
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...