22 matches found
GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary: 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
NEC Platforms Aterm Series Security Vulnerability
The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, which stem from OS command injection, potentially allowing for the execution of arbitrary OS commands...
KuWFi GC111 Security Vulnerability
KuWFi GC111 is a WiFi router from KuWFi China. A security vulnerability exists in the KuWFi GC111 that stems from improper handling of unauthenticated requests and could lead to the execution of arbitrary OS commands...
CVE-2024-52034 mySCADA myPRO OS Command Injection
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands...
PT-2024-27018 · Futurenet · Futurenet Nxr Series
Name of the Vulnerable Software and Affected Versions: FutureNet NXR series, VXR series and WXR series (affected versions not specified). Description: The issue concerns an active debug code vulnerability. If a user with knowledge of the debug function logs in, they may utilize the debug function to...
Aruba Networks Aruba 9200 and 9000 Security Vulnerabilities
The Aruba Networks Aruba 9200 and Aruba Networks Aruba 9000 are a family of security gateways from Aruba Networks, Inc. A security vulnerability exists in the Aruba Networks Aruba 9200 and 9000 that stems from a flaw in the secure boot implementation, which can be exploited to bypass security...
Design/Logic Flaw
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
D-Link DIR-823G Command Execution Vulnerability (CNVD-2023-65130)
The D-Link DIR-823G is a wireless router from China's AUO D-Link. A command execution vulnerability exists in the D-Link DIR-823G version 1.02B05, which stems from the application failing to properly filter special characters, commands, etc. when constructing commands. An attacker can exploit this...
CVE-2023-29150
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
Design/Logic Flaw
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
CVE-2022-1661
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files...
CVE-2022-1661 Keysight N6854A Geolocation server and N6841A RF Sensor software
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files...
CVE-2021-43981
mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
Keijiban Tsumiki Free CGI Operating System Command Injection Vulnerability
Keijiban Tsumiki Free CGI is a free CGI public gateway interface. An operating system command injection vulnerability exists in Keijiban Tsumiki v1.15. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands...
Security feature bypass
A vulnerability has been identified in SCALANCE M875 (all versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2018-4859
A vulnerability has been identified in SCALANCE M875 (all versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2018-4860
A vulnerability has been identified in SCALANCE M875 (all versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2016-0325
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...
Time and Expense Management System Multiple Vulnerabilities
No description provided by source. Software: Time and Expense Management System. Vulnerability: Command Injection. Threat Level: Very Critical 5/5...
Time and Expense Management System - Multiple Vulnerabilities
Software: Time and Expense Management System. Vulnerability: Command Injection. Threat Level: Very Critical 5/5. Download: http://sourceforge.net/projects/tems/ Discovery...