7633 matches found

Prion
added 2021/02/12 7:15 a.m., 9 views

Buffer overflow

Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors...

7.7 CVSS, 6.9 AI score, 0.00544 EPSS
Exploits: 0, References: 3
Cvelist
added 2021/02/12 6:15 a.m., 12 views

CVE-2021-20640

Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors...

7.1 AI score, 0.00544 EPSS
Exploits: 0, References: 3
CNNVD
added 2021/02/11 12:0 a.m., 4 views

Netgear NETGEAR Operating System Command Injection Vulnerability

Netgear NETGEAR is a router from the American company Netgear, a hardware device that connects two or more networks and acts as a gateway between them. An operating system command injection vulnerability exists in the NETGEAR Orbi, which arises from a network system or product not properly...

8.8 CVSS, 7.4 AI score, 0.02033 EPSS
Exploits: 0, References: 3
CVE
added 2021/02/01 5:38 p.m., 37 views

CVE-2020-20294

CVE-2020-20294 affects CMSWing 1.3.8. The issue is a log function not validating the log parameter, allowing arbitrary command execution through malicious input. No explicit exploitation details or patch/remediation are provided in the supplied documents.

9.8 CVSS, 9.6 AI score, 0.01768 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNVD
added 2021/02/01 12:0 a.m., 6 views

ELECOM WRC-300FEBK-S Cross-Site Request Forgery Vulnerability

The ELECOM WRC-300FEBK-S is a wireless access device. A cross-site request forgery vulnerability exists in the ELECOM WRC-300FEBK-S, which can be exploited by an attacker to submit a special request, alter the communication response, and execute arbitrary OS commands in the application context...

6.5 CVSS, 7.4 AI score, 0.00497 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/02/01 12:0 a.m., 3 views

CMSWing SQL Injection Vulnerability

CMSWing is a ThinkJS-based e-commerce platform and CMS builder. A code execution vulnerability exists in CMSWing 1.3.8. The vulnerability stems from the log function not checking the log parameter. An attacker can exploit this vulnerability to execute arbitrary commands via malicious parameters...

9.8 CVSS, 7.9 AI score, 0.01768 EPSS
Exploits: 1, References: 2
CNNVD
added 2021/01/26 12:0 a.m., 4 views

Elecom ELECOM WRC-300FEBK-S Operating System Command Injection Vulnerability

The ELECOM WRC-300FEBK-S is a wireless access device. An arbitrary command execution vulnerability exists in the ELECOM WRC-300FEBK-S, which can be exploited by an attacker to execute arbitrary OS commands...

7.7 CVSS, 6.2 AI score, 0.00445 EPSS
Exploits: 0, References: 4
CNNVD
added 2021/01/26 12:0 a.m., 2 views

LOGITEC CORPORATION LAN-W300N/PGRB Operating System Command Injection Vulnerability

LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...

7.7 CVSS, 6.1 AI score, 0.00445 EPSS
Exploits: 0, References: 4
CNNVD
added 2021/01/26 12:0 a.m., 2 views

LOGITEC CORPORATION LAN-W300N/PGRB Operating System Command Injection Vulnerability

LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...

7.7 CVSS, 6.1 AI score, 0.00445 EPSS
Exploits: 0, References: 4
CNNVD
added 2021/01/26 12:0 a.m., 2 views

LOGITEC CORPORATION LAN-W300N/PGRB Buffer Error Vulnerability

LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary operating system commands via unspecified vectors...

7.7 CVSS, 6.3 AI score, 0.00544 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2021/01/21 3:5 p.m., 42 views

CVE-2021-3115

A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have "." listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and...

7.5 CVSS, 8.1 AI score, 0.06445 EPSS
Exploits: 0, References: 4
CNNVD
added 2021/01/20 12:0 a.m., 3 views

Cisco Smart Software Manager Operating System Command Injection Vulnerability

Cisco Smart Software Manager Satellite is software designed to provide intelligent management of licenses. A command injection vulnerability exists in the WEB UI of Cisco Smart Software Manager Satellite 5.1.0 and prior versions. The vulnerability stems from the program not properly validating...

9.8 CVSS, 7.6 AI score, 0.03964 EPSS
Exploits: 0, References: 4
CNVD
added 2021/01/19 12:0 a.m., 2 views

Arbitrary Command Execution Vulnerability in Knight Talent System Basic Edition

Knight Talent System is a free, open-source professional recruitment system built on PHP and MySQL. Knight Talent System Basic Edition has an arbitrary command execution vulnerability. Attackers can use this vulnerability to obtain server privileges...

7.5 AI score
Exploits: 0
NVD
added 2021/01/15 7:15 p.m., 13 views

CVE-2020-24639

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

10 CVSS, 9.6 AI score, 0.07241 EPSS
Exploits: 0, References: 1
Prion
added 2021/01/15 7:15 p.m., 17 views

Input validation

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

10 CVSS, 9.5 AI score, 0.02912 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2021/01/15 6:48 p.m., 90 views

CVE-2020-24640

Aruba Airwave Glass prior to version 1.3.3 contains an input validation error that enables arbitrary command execution inside the containerized environment. This weakness can allow an attacker to fully compromise the underlying host OS, with exploitation primarily possible through management GUI/...

10 CVSS, 9.4 AI score, 0.02912 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2021/01/15 6:33 p.m., 93 views

CVE-2020-24639

CVE-2020-24639 affects Aruba Airwave Glass prior to 1.3.3, caused by unsafe Java deserialization that enables arbitrary command execution in a containerized environment, potentially leading to complete host compromise. Affected component: Airwave Glass; root cause: unsafe Java deserialization; im...

10 CVSS, 9.5 AI score, 0.07241 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/01/15 6:33 p.m., 18 views

CVE-2020-24639

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

9.7 AI score, 0.07241 EPSS
Exploits: 0, References: 1
CNVD
added 2021/01/14 12:0 a.m., 2 views

Binary Vulnerability in Cisco RV110W

The Cisco RV110W is a wireless router. A binary vulnerability exists in the Cisco RV110W. An attacker can exploit the vulnerability to directly execute arbitrary system commands as root...

7.7 AI score
Exploits: 0
Veracode
added 2021/01/11 6:16 a.m., 15 views

Arbitrary Command Execution

ts-process-promises is vulnerable to arbitrary command execution. The use of the exec function allows an attacker to execute arbitrary commands on the host OS...

9.8 CVSS, 4.3 AI score, 0.01355 EPSS
Exploits: 1, References: 2, Affected Software: 1