CVE-2022-42491

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

CVE-2022-42493

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

CVE-2022-37898

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2022-37900

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2022-26413

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30ABFX.5C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface...

CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

CVE-2020-7877

A buffer overflow issue was discovered in ZOOK solutionremote administration tool through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command...

CVE-2020-7863

A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting...

CVE-2024-34544

A command injection vulnerability exists in the wireless.cgi AddMac functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39603

A stack-based buffer overflow vulnerability exists in the wireless.cgi setwifibasicmesh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-39604

A command execution vulnerability exists in the updatefilterurl.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...

KAYSUS KS-WR3600 安全漏洞

The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600, which stems from the SSH service being enabled by default and the root account not having a password, which could lead to arbitrary command execution...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-605L that stems from improper access control of the serial interface, which could lead to an arbitrary command execution attack...

GL-Inet GL-AXT1800 安全漏洞

The GL-Inet GL-AXT1800 is a WiFi6 wireless router from GL-Inet China. A security vulnerability exists in the GL-Inet GL-AXT1800 v4.6.8, which stems from improper input cleanup of the plugins.installpackage RPC method, which could lead to the execution of arbitrary commands...

GHSA-H4RF-624J-GJ33 terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVE-1999-0252

Buffer overflow in listserv allows arbitrary command execution...

CVE-1999-0148

The handler CGI program in IRIX allows arbitrary command execution...

CVE-1999-0302

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server...

CVE-1999-0037

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail...

CVE-2019-12840

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi...