183 matches found
CVE-2023-30766
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...
CVE-2023-30766
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Jhead vulnerabilities (USN-6108-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6108-1 advisory. It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could...
Command injection
OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command...
Command injection
Wi-Fi AP UNIT AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM v1.05B04 and earlier, AC-PD-WAPU-P v1.05B04P and earlier, AC-PD-WAPUM-P v1.05B04P and earlier, AC-WAPU-300 v1.00B07 and earlier, AC-WAPU-300-P v1.00B08P and earlier, AC-WAPUM-300 v1.00B07 and earlier, and AC-WAPUM-300-P v1.00B08P and...
Command injection
Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...
CVE-2023-27521
OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command...
Siemens SCALANCE M875 Arbitrary OS Command Execution (CVE-2018-4859)
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
Siemens SCALANCE M875 Arbitrary OS Command Execution (CVE-2018-4860)
A vulnerability has been identified in SCALANCE M875 All versions. An authenticated remote attacker with access to the web interface 443/tcp, could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2023-22304
OS command injection vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command...
Command injection
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command...
CVE-2023-22280
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command...
JVN#57296685: Multiple vulnerabilities in PIXELA PIX-RT100
PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.0 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C| Base Score: 7.7...
CVE-2022-44456
CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
Command injection
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program...
CVE-2022-43466
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program...
CVE-2022-44456
CONPROSYS HMI System CHS Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
CVE-2022-45145
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file...
CVE-2022-45145
CVE-2022-45145 concerns CHICKEN 5.x; vulnerability exists in egg-compile.scm that allows arbitrary OS command execution during package installation via escaped characters in a .egg file. Root cause: insecure handling in egg-compile.scm leading to command injection during installation. Affected: C...
Denial of service
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...