7638 matches found

Cvelist
added 2023/01/26 12:0 a.m. · 25 views

CVE-2022-40719

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which...

8.8 CVSS · 9.1 AI score · 0.0087 EPSS
Exploits 0 · References 2
CNNVD
added 2023/01/26 12:0 a.m. · 3 views

Siretta QUARTZ-GOLD security vulnerability

Siretta QUARTZ-GOLD is a high-speed industrial router from Siretta. Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary commands...

9.8 CVSS · 7.8 AI score · 0.01372 EPSS
Exploits 0 · References 3
CNNVD
added 2023/01/26 12:0 a.m. · 3 views

Siretta QUARTZ-GOLD buffer error vulnerability

Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta. The Siretta QUARTZ-GOLD is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause arbitrary command execution by sending specially crafted network packets...

7.2 CVSS · 7.6 AI score · 0.01665 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/01/26 12:0 a.m. · 6 views

PT-2023-13903 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020. Description: A command injection issue exists in the httpd delfile.cgi functionality, allowing an attacker to execute arbitrary commands via a specially-crafted HTTP request. This can lead to...

8.8 CVSS · 7.6 AI score · 0.05808 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/01/26 12:0 a.m. · 3 views

PT-2023-13952 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020. Description: Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command...

7.2 CVSS · 7.5 AI score · 0.01665 EPSS
Exploits 1 · References 3
CVE
added 2023/01/26 12:0 a.m. · 67 views

CVE-2022-40719

CVE-2022-40719 affects D-Link DIR-2150 firmware 4.0.1. The vulnerability lies in the xupnpd_generic.lua plugin of the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the input is not properly validated before being used in a system call, enabling networ...

8.8 CVSS · 8.9 AI score · 0.0087 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/01/26 12:0 a.m. · 3 views

Siretta QUARTZ-GOLD security vulnerability

Siretta QUARTZ-GOLD is a high-speed industrial router from Siretta. Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 is vulnerable to a buffer overflow vulnerability, which could be exploited by attackers to execute arbitrary commands...

9.8 CVSS · 7.8 AI score · 0.01415 EPSS
Exploits 0 · References 3
CVE
added 2023/01/26 12:0 a.m. · 57 views

CVE-2022-40720

The CVE-2022-40720 issue affects D-Link DIR-2150 routers (firmware 4.0.1) via the Dreambox xupnpd plugin, which listens on TCP port 4044. The root cause is improper validation of a user-supplied string before it is used in a system call, enabling network-adjacent attackers to execute arbitrary co...

8.8 CVSS · 8.9 AI score · 0.00968 EPSS
Exploits 0 · References 2 · Affected Software 1
Talos
added 2023/01/26 12:0 a.m. · 45 views

FreshTomato httpd logs/view.cgi OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1641: FreshTomato httpd logs/view.cgi OS command injection vulnerability. January 26, 2023. CVE Number: CVE-2022-42484. Summary: An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP...

9.8 CVSS · 9.7 AI score · 0.06013 EPSS
Exploits 1
Talos
added 2023/01/26 12:0 a.m. · 28 views

Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1615: Siretta QUARTZ-GOLD httpd SNMP OS command injection vulnerability. January 26, 2023. CVE Number: CVE-2022-38066. Summary: An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A...

8.8 CVSS · 8.2 AI score · 0.07085 EPSS
Exploits 1
Positive Technologies
added 2023/01/25 12:0 a.m. · 3 views

PT-2023-13743 · Unknown · Rawchen Blog-Ssm

Name of the Vulnerable Software and Affected Versions: Rawchen Blog-ssm version 1.0. Description: A file upload issue allows attackers to execute arbitrary commands and gain escalated privileges via the "uploadFileList" component, specifically through the "/uploadFileList" API endpoint...

8.8 CVSS · 8.3 AI score · 0.01218 EPSS
Exploits 1 · References 4
Vulnrichment
added 2023/01/24 12:0 a.m. · 7 views

CVE-2022-45639

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user...

8.3 AI score · 0.0466 EPSS
Exploits 4 · References 3
OpenVAS
added 2023/01/24 12:0 a.m. · 15 views

Ubuntu: Security Advisory (USN-5820-1)

The remote host is missing an update for the...

7.8 CVSS · 7.7 AI score · 0.00577 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2023/01/24 12:0 a.m. · 32 views

Oracle Linux 8 : firefox (ELSA-2023-0288)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0288 advisory. 102.7.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...

8.8 CVSS · 7.9 AI score · 0.00892 EPSS
Exploits 0 · References 9
Positive Technologies
added 2023/01/20 12:0 a.m. · 3 views

PT-2023-15594 · Unknown · Remote Clinic

Name of the Vulnerable Software and Affected Versions: RemoteClinic version 2.0. Description: The issue allows attackers to execute arbitrary commands and gain sensitive information. This is achieved via the id parameter to the "/medicines/profile.php" API endpoint. Recommendations: For RemoteClin...

9.8 CVSS · 9.8 AI score · 0.00792 EPSS
Exploits 1 · References 2
CNNVD
added 2023/01/20 12:0 a.m. · 3 views

inxedu SQL injection vulnerability

Inxedu is an open source online education platform from the Chinese company Inxedu. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. Inxedu version 2.0.6 has an SQL injection vulnerability; the vulnerability ste...

9.8 CVSS · 9 AI score · 0.00762 EPSS
Exploits 1 · References 3
OSV
added 2023/01/18 1:15 a.m. · 2 views

CVE-2022-46733

Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands...

9.6 CVSS · 5.9 AI score · 0.00567 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/01/18 12:37 a.m. · 7 views

CVE-2022-43483

Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...

9.1 CVSS · 7.7 AI score · 0.01236 EPSS
Exploits 0 · References 1
CNNVD
added 2023/01/17 12:0 a.m. · 3 views

galaxy-data-resource injection vulnerability

galaxy-data-resource is an application by the individual developer blankenberg. An injection vulnerability exists in galaxy-data-resource version 14.10.0 and earlier. An attacker can exploit this vulnerability to inject arbitrary commands...

9.8 CVSS · 6.7 AI score · 0.00892 EPSS
Exploits 0 · References 5
Vulnrichment
added 2023/01/14 12:59 a.m. · 9 views

CVE-2023-22496 Netdata vulnerable to command injection

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function health_alarm_execute is called. This...

8.1 CVSS · 9.7 AI score · 0.36171 EPSS
Exploits 1 · References 1