CVE-2023-0861 Authenticated Command Injection in NetModule NSRW

NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before...

Alotcer AR7088H 输入验证错误漏洞

The Alotcer AR7088H is an embedded edge router from Alotcer China. A security vulnerability exists in the Alotcer AR7088H firmware version 16.10.3, which stems from incorrect validation of unspecified input fields for command execution, allowing authenticated command execution...

CVE-2022-46372 Alotcer - AR7088H-A Authenticated Command execution

Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution...

CVE-2022-40005

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute...

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x services Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x services Authenticated Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Ec...

CVE-2022-37912

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2022-37898

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

CVE-2022-37901

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

Delta Electronics DVW-W02W2-E2 2.42 Command Injection Vulnerability

Delta Electronics DVW-W02W2-E2 version 2.42 suffers from an authenticated command injection vulnerability. ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Delta Electronics DVW-W02W2-E2 vulnerable version| V2.42 fixed...

CVE-2022-40282

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is...

CVE-2022-40770

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users...

CVE-2022-40770

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users...

CVE-2022-40770

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users...

PT-2022-25529 · Zoho · Zoho Manageengine Servicedesk Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior Description: The issue is related to authenticated command injection, which can be exploited by high-privileged users. Recommendations: For Zoho ManageEngine ServiceDesk Plus version...

MSNSwitch Firmware MNT.2408 - Remote Code Exectuion Exploit

Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated configuration dump, authenticated RCE o...

CVE-2022-37899

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

PT-2022-24135 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: The issue concerns authenticated command injection vulnerabilities in the command line interface of ArubaOS. Successful exploitation allows attackers to execute arbitrary commands as a...

PT-2022-24131 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: The issue concerns authenticated command injection vulnerabilities in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute...

Zentao Project Management System 17.0 Remote Code Execution

Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution Exploit Author: mister0xf Date: 2022-10-8 Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit Tested...

Exploit for CVE-2022-42457

CVE-2022-42457 Generex-CS141-Authenticated-Remote-Command-Exec...