7638 matches found

CNNVD
added 2023/08/21 12:0 a.m. · 3 views

Danfoss AK-SM800A Security Vulnerability

Danfoss AK-SM800A is a system manager from Danfoss, Denmark, that provides secure system control and monitoring. A security vulnerability exists in Danfoss AK-SM800A 3.3 and earlier versions that originates from improper input validation and can be exploited by an attacker to execute arbitrary commands...

9.9 CVSS · 8.8 AI score · 0.00777 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/08/21 12:0 a.m. · 3 views

PT-2023-20360 · Danfoss · Ak-Sm800A +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. The issue allows for the...

9.9 CVSS · 7.8 AI score · 0.00777 EPSS
Exploits: 0 · References: 9

CVE
added 2023/08/18 9:44 a.m. · 52 views

CVE-2023-40069

CVE-2023-40069 affects ELECOM WRC-F1167ACF, WRC-1750GHBK, WRC-1167GHBK2, WRC-1750GHBK2-I, and WRC-1750GHBK-E all versions. It is an OS command injection vulnerability in ELECOM wireless LAN routers allowing an attacker who can access the product to execute arbitrary OS commands by sending a speci...

9.8 CVSS · 9.6 AI score · 0.01241 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/08/18 9:36 a.m. · 11 views

CVE-2023-32626

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands...

9.8 AI score · 0.00701 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/08/13 12:0 a.m. · 3 views

PT-2023-5419 · Foreman +1 · Foreman +1

Name of the Vulnerable Software and Affected Versions: foreman affected versions not specified Description: A command injection flaw was found in foreman, allowing an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS...

9.1 CVSS · 6.9 AI score · 0.02244 EPSS
Exploits: 2 · References: 27

BDU FSTEC
added 2023/08/11 12:0 a.m. · 5 views

The vulnerability of the fetch_docker_image() function in the automation tool for software analysis, ScanCode.io, allows a hacker to execute arbitrary commands.

The vulnerability of the fetch_docker_image function in the automation tool for software analysis, ScanCode.io, is related to the lack of protective measures taken for the structure of the web page during the processing of the docker_reference parameter. Exploiting this vulnerability allows a remote...

7.3 CVSS · 8 AI score · 0.02437 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

OSV
added 2023/08/10 9:15 a.m. · 18 views

CVE-2023-31209

Improper neutralization of active check command arguments in Checkmk 2.1.0p32, 2.0.0p38, 2.2.0p4 leads to arbitrary command execution for authenticated users...

8.8 CVSS · 7.2 AI score
Exploits: 0 · References: 1

Vulnrichment
added 2023/08/10 8:14 a.m. · 13 views

CVE-2023-31209 Command injection via active checks and REST API

Improper neutralization of active check command arguments in Checkmk 2.1.0p32, 2.0.0p38, 2.2.0p4 leads to arbitrary command execution for authenticated users...

8.8 CVSS · 7 AI score · 0.0102 EPSS
Exploits: 0 · References: 1

CVE
added 2023/08/10 8:14 a.m. · 57 views

CVE-2023-31209

CVE-2023-31209 affects Checkmk before patch versions: 2.1.0p32, 2.0.0p38, and 2.2.0p4. Improper neutralization of active check command arguments enables arbitrary command execution for authenticated users. CVSS shows network access, low privileges, and high impact across confidentiality, integrit...

8.8 CVSS · 8.8 AI score · 0.0102 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

CNNVD
added 2023/08/09 12:0 a.m. · 3 views

ScienceLogic SL1 OS Command Injection Vulnerability

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A command execution vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a failure of the Ticket Report Generation...

8.8 CVSS · 7.7 AI score · 0.01322 EPSS
Exploits: 0 · References: 2

CNNVD
added 2023/08/09 12:0 a.m. · 2 views

ScienceLogic SL1 OS Command Injection Vulnerability

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A command execution vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from dash export failing to properly filter...

8.8 CVSS · 7.7 AI score · 0.01343 EPSS
Exploits: 0 · References: 2

Saint
added 2023/08/09 12:0 a.m. · 265 views

Citrix ADC nsppe buffer overflow

Added: 08/09/2023. CVE: CVE-2023-3519. Background: Citrix ADC (formerly NetScaler ADC) is an application delivery and load balancing platform. Problem: A buffer overflow vulnerability in the nsppe process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a special...

9.8 CVSS · 10 AI score · 0.99343 EPSS
Exploits: 16

OpenVAS
added 2023/08/08 12:0 a.m. · 33 views

Microsoft Windows Multiple Vulnerabilities (KB5017328)

This host is missing an important security update according to Microsoft KB5017328. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

9.8 CVSS · 7.6 AI score · 0.85646 EPSS
Exploits: 7 · References: 3

OpenVAS
added 2023/08/08 12:0 a.m. · 28 views

Microsoft Windows Multiple Vulnerabilities (KB5021255)

This host is missing an important security update according to Microsoft KB5021255. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

8.5 CVSS · 7.4 AI score · 0.61863 EPSS
Exploits: 6 · References: 1

OSV
added 2023/08/04 6:15 p.m. · 3 views

CVE-2023-33376

Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices...

9.8 CVSS · 6 AI score · 0.00819 EPSS
Exploits: 0 · References: 2

Packet Storm
added 2023/08/04 12:0 a.m. · 165 views

ReyeeOS 1.204.1614 Code Execution / Man-In-The-Middle

Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE) · Google Dork: None · Date: July 31, 2023 · Exploit Author: Riyan Firmansyah of Seclab · Vendor Homepage: https://ruijienetworks.com · Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 · Version...

7.1 AI score
Exploits: 0

BDU FSTEC
added 2023/08/03 12:0 a.m. · 5 views

A vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 stems from the lack of measures to neutralize special elements used in the operating system’s processing of the...

9.1 CVSS · 7.6 AI score · 0.01294 EPSS
Exploits: 0 · References: 3 · Affected Software: 11

BDU FSTEC
added 2023/08/02 12:0 a.m. · 3 views

A vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 lies in the lack of measures to neutralize special elements used in the operating system’s processing of the upgrade-app U...

9.1 CVSS · 7.6 AI score · 0.01294 EPSS
Exploits: 0 · References: 4 · Affected Software: 11

BDU FSTEC
added 2023/08/02 12:0 a.m. · 6 views

A vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 stems from the lack of measures to neutralize special elements used in the operating system’s processing of the SCEP CA...

9.1 CVSS · 7.6 AI score · 0.00827 EPSS
Exploits: 0 · References: 3 · Affected Software: 11

BDU FSTEC
added 2023/08/02 12:0 a.m. · 3 views

A vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability in the web interface of the firmware for the routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 lies in the lack of measures to neutralize special elements used in the operating system’s command for handling the...

9.1 CVSS · 7.6 AI score · 0.01294 EPSS
Exploits: 0 · References: 3 · Affected Software: 11