Milesight UR32L 命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L libzebra.so bridgegroup function, which can be exploited by an attacker to execute arbitrary commands on the system...

CVE-2023-27198

PAX A930 device with PayDroid7.1.1VirgoV04.5.0220220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability...

PAX Technology A930 操作系统命令注入漏洞

PAX Technology A930 is an Android mobile payment terminal from PAX Technology China. A security vulnerability exists in the PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originates from allowing arbitrary commands to be executed by using the exec service and including...

Aruba Networks ArubaOS 命令注入漏洞

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. Aruba Networks ArubaOS suffers from a command injection vulnerability that originates from an authenticated command injection i...

PT-2023-20999 · Pax · Pax A930 +1

Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid version 7.1.1 Virgo V04.5.02 20220722 Description: The issue allows the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must hav...

IKuai OS Command Injection Vulnerability

IKuai OS is an operating system from the Chinese company IKuai. It provides a powerful set of gateways, DPI-based traffic shaping, AC control, and portal authentication features that can increase capital efficiency by reducing initial installation costs. IKuai OS version 3.7.1 suffers from a...

PT-2023-24189 · Igor Pavlov · 7-Zip

Name of the Vulnerable Software and Affected Versions: 7-Zip versions prior to 23.01 Description: A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip files. Incomplete neutralization of external commands used to control the process execution of the .zip...

IKuai OS 命令注入漏洞

IKuai OS is an operating system from the Chinese company IKuai. It provides a powerful set of gateways, DPI-based traffic shaping, AC control, and portal authentication features that can increase capital efficiency by reducing initial installation costs. IKuai OS version 3.7.1 suffers from a...

IBM Security Directory Suite VA Operating System Command Injection Vulnerability

IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines IBM that simplifies identity and directory management. An operating system command injection vulnerability exists in IBM Security Directory Suite VA, which can be exploited by an...

CVE-2023-27396

FINS Factory Interface Network Service is a message communication protocol, which is designed to be used in closed FA Factory Automation networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues --...

Netskope 路径遍历漏洞

Netskope is a threat protection gateway for cloud environments from Netskope Corporation. A security vulnerability exists in Netskope client versions prior to R100. An attacker can exploit this vulnerability to execute arbitrary commands...

D-Link DIR-600 Command Injection Vulnerability

The D-Link DIR-600 is a wireless router from China's AUO D-Link. The D-Link DIR-600 suffers from a command injection vulnerability that stems from the ST parameter in the lxmldbcsystem function failing to properly filter construct command special characters, commands, and so on. An attacker can...

CVE-2023-30766

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

CVE-2023-30764

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

CVE-2023-30762

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

CVE-2023-30764

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

CVE-2023-30762

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

Command injection

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

CVE-2023-32548

OS command injection vulnerability exists in WPS Office version 10.8.0.6186. If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be executed on the system where the product is...

CVE-2023-31198

OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM...