CVE-2022-37900

CVE-2022-37900 describes authenticated command-injection vulnerabilities in the ArubaOS command-line interface. Exploitation could allow arbitrary commands to be executed with privileged OS rights. Affected software is ArubaOS (Aruba Mobility Controllers/Mobility Access Switches) with the vulnera...

CVE-2022-37899

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2022-37898

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

IBM InfoSphere Information Server 操作系统命令注入漏洞

IBM InfoSphere Information Server is a data integration platform from International Business Machines IBM, Inc. IBM InfoSphere Information Server version 11.7 contains an operating system command injection vulnerability that can be exploited by a locally authenticated attacker to execute arbitrar...

CVE-2022-43109

D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet...

CVE-2022-35717

"IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361...

PT-2022-5760 · Fortinet · Fortitester

Name of the Vulnerable Software and Affected Versions: FortiTester versions 3.0.0 through 3.9.1 FortiTester versions 4.0.0 through 4.2.0 FortiTester versions 7.0.0 through 7.1.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, which may...

Softnext Technologies Mail SQR Expert 操作系统命令注入漏洞

Softnext Technologies Mail SQR Expert is a comprehensive email content security management system from Softnext Technologies. A security vulnerability exists in Softnext Technologies Mail SQR Expert due to insufficient filtering of special characters in certain functions, which can be exploited b...

PT-2022-19169 · Inhand Networks · Inrouter302

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the console support functionality. This vulnerability can be triggered by a specially-crafted network request, leading to arbitrary command...

InHand Networks InRouter302 console support leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1521 InHand Networks InRouter302 console support leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-28689 SUMMARY A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A...

The vulnerability of the J-Web interface in Juniper Networks Junos OS allows a perpetrator to gain unauthorized access to protected information or execute arbitrary commands.

The vulnerability of the J-Web interface in Juniper Networks Junos OS operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or execute arbitrary commands ...

CVE-2022-33204

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

CVE-2022-33207

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

CVE-2022-33195

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

CVE-2022-34850

An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2022-33150

An OS command injection vulnerability exists in the jspackage install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVE-2022-33192

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

CVE-2022-33189

An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability...

CVE-2022-30603

An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVE-2022-29520

An OS command injection vulnerability exists in the consolemainloop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send an XML payload to trigger this vulnerability...