Atos Unify OpenScape 4000 Command Injection Vulnerability
Atos Unify OpenScape 4000 is an enterprise IP communications platform from Atos France. A security vulnerability in Atos Unify OpenScape 4000 allows an attacker to run arbitrary commands on the platform operating system and gain administrative access. Affected Produc...
CVE-2023-29474
inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552...
The vulnerability in the web interface of the Cisco Secure Network Analytics system, previously known as Cisco Stealthwatch Enterprise, allows a perpetrator to execute arbitrary commands.
The vulnerability in the web interface of the Cisco Secure Network Analytics system, previously known as Cisco Stealthwatch Enterprise, involves the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of an...
Security Bulletin: Celery as used by IBM QRadar Advisor With Watson App is vulnerable to arbitrary command execution (CVE-2021-23727)
Summary Celery as used by IBM QRadar Advisor With Watson App is vulnerable to arbitrary command execution. IBM has addressed the relevant vulnerabilities. Vulnerability Details CVEID:CVE-2021-23727 DESCRIPTION: Celery could allow a remote authenticated attacker to execute arbitrary commands on th...
MyBatis-Plus SQL Injection Vulnerability
MyBatis-Plus is a Baomidou open source toolkit. MyBatis-Plus versions prior to 3.5.3.1 have a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL commands via the tenant ID valuer...
CVE-2023-27765
An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoveritsetupfull4134.exe file...
CVE-2023-26921
OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via qlatfwd...
Uptime Kuma Cross-Site Scripting Vulnerability
Uptime Kuma is an easy-to-use self-hosted monitoring tool from Louis Lam Personal Developer. A cross-site scripting vulnerability exists in Uptime Kuma version v.1.19.6 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands via the description, title, footer, and...
CVE-2023-27770
An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-maxsetupfull5371.exe file...
CVE-2022-3210
CVE-2022-3210 affects D-Link DIR-2150 (firmware 4.0.1). The vulnerability in the xupnpd service (listening on TCP 4044) arises from insufficient validation of a user-supplied string before a system call, enabling network-adjacent attackers to execute arbitrary commands with the service account’s ...
TOTOLINK A7100RU Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the upBw parameter in /setting/setWanIeCfg failing to properly filter construct...
The vulnerability in the command-line interface (CLI) of the Cisco NX-OS operating system for Cisco switches allows an attacker to execute arbitrary commands.
The vulnerability in the command-line interface (CLI) of the Cisco NX-OS operating system for Cisco switches exists because measures are not taken to eliminate the special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary command...
Design/Logic Flaw
The HGiga OAKlouds file upload function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary commands or disrupt service...
CVE-2023-26802
An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request...
PT-2023-20802 · Digital China Networks · Dcbi-Netlog-Lab
Name of the Vulnerable Software and Affected Versions: DCBI-Netlog-LAB version 1.0 Description: The issue allows attackers to bypass authentication and execute arbitrary commands via a crafted request to the "/network config/nsg masq.cgi" API endpoint. This is due to a problem in the component...
CVE-2023-26802
DCBI-Netlog-LAB v1.0 (DCN) contains a command-injection flaw in /network_config/nsg_masq.cgi that allows unauthenticated attackers to bypass auth and execute arbitrary OS commands via a crafted request. Affected product: DCBI-Netlog-LAB v1.0; impact per sources is high (unauthenticated, arbitrary ...
CVE-2023-28617
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution. Mitigation Do not evaluate untrusted Lisp or org-mode code...
CVE-2022-28495
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
TOTOLINK CP900 Operating System Command Injection Vulnerability
The TOTOLINK CP900 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK CP900 suffers from a command injection vulnerability that stems from the setWebWlanIdx function failing to correctly filter special characters, commands, etc. when constructing commands. An attacker can exploit thi...
NETGEAR Orbi Satellite RBS750 ubus backend communication function command execution vulnerability
The NETGEAR Orbi Satellite RBS750 is a professional-grade tri-band satellite router from NETGEAR. The NETGEAR Orbi Satellite RBS750 suffers from a command execution vulnerability that stems from a failure to properly filter special characters, commands, etc. used in constructed commands in the ubus back-e...