17 matches found
GHSA-FHH6-4QXV-RPQJ 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...
NEC Platforms Aterm Series 安全漏洞
The NEC Platforms Aterm Series is a series of wireless router and network device products developed by the Japanese company NEC. The NEC Platforms Aterm Series contains security vulnerabilities, which stem from OS command injection, potentially allowing for the execution of arbitrary OS commands...
KuWFi GC111 安全漏洞
KuWFi GC111 is a WiFi router from KuWFi China. A security vulnerability exists in the KuWFi GC111 that stems from improper handling of unauthenticated requests and could lead to the execution of arbitrary OS commands...
CVE-2024-52034 mySCADA myPRO OS Command Injection
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands...
PT-2024-27018 · Futurenet · Futurenet Nxr Series
Name of the Vulnerable Software and Affected Versions: FutureNet NXR series, VXR series and WXR series affected versions not specified Description: The issue concerns an active debug code vulnerability. If a user with knowledge of the debug function logs in, they may utilize the debug function to...
D-Link DIR-823G Command Execution Vulnerability (CNVD-2023-65130)
The D-Link DIR-823G is a wireless router from China's AUO D-Link. A command execution vulnerability exists in the D-Link DIR-823G version 1.02B05, which stems from the application failing to properly filter construct command special characters, commands, etc. An attacker can exploit this...
CVE-2023-29150
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands...
Design/Logic Flaw
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands...
CVE-2021-43981
mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2018-4859
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2018-4860
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
Security feature bypass
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2016-0325
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...
Time and Expense Management System Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5...
Time and Expense Management System - Multiple Vulnerabilities
------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5 Download................http://sourceforge.net/projects/tems/ Discovery...
Time and Expense Management System Multiple Vulnerabilities
Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5...
CVE-2007-0565
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors...