CVE-2023-3527 Avaya Call Management System CSV injection vulnerability

A CSV injection vulnerability was found in the Avaya Call Management System CMS Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a...

1Panel 操作系统命令注入漏洞

1Panel is an open source Linux server operations and management panel for the Chinese 1panel community. Operating system command injection vulnerability exists in versions prior to 1Panel 1.4.3. The vulnerability stems from the presence of an operating system command injection vulnerability, whic...

CVE-2023-37568

ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page...

Command injection

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and...

CVE-2023-37568

ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page...

CVE-2023-37567

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A...

ELECOM WRC 命令注入漏洞

ELECOM WRC is a home-ready IP camera from ELECOM Japan. Command injection vulnerability exists in ELECOM WRC-1167FEBK-A v1.18 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167GHBK-S v1.03 and earlier, WRC-1167GHBK3-A v1.24 and earlier, which originates from the presence of a command injecti...

Arbitrary command execution on Windows

Description Opening files from an untrusted directory can lead to execution of arbitrary commands on Windows systems, this is possible by having a malicious file with the same name as a trusted executable, Windows gives priority to the current directory when searching for executables. Several...

The vulnerability of the microprogramming software used in STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 programmable logic controllers allows a intruder to execute arbitrary code.

The vulnerability of Yokogawa STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 controllers is related to the use of rigidly encoded account data. Exploiting this vulnerability allows a malicious actor, who has not undergone identity verification, to execute arbitrary commands...

CVE-2023-24582

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

Command injection

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

CVE-2023-24582

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

CVE-2023-24583

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

CVE-2023-24582

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injectio...

Milesight UR32L 操作系统命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L vtyshubus tcpdumpstartcb function, which can be exploited by an attacker to execute arbitrary commands on the system...

Milesight UR32L 操作系统操作系统命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L ysthirdparty userdelete function, which can be exploited by an attacker to execute arbitrary commands on the system...

Milesight UR32L 操作系统命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L vtyshubus toolshexcute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

Milesight UR32L 命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A command execution vulnerability exists in the Milesight UR32L urvpnclient cmdnameaction function, which can be exploited by an attacker to execute arbitrary commands on the system...

Milesight UR32L 操作系统命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L ysthirdparty systemuserscript function, which can be exploited by an attacker to execute arbitrary commands on the system...

Milesight UR32L 命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L libzebra.so bridgegroup function, which can be exploited by an attacker to execute arbitrary commands on the system...