36 matches found
CVE-2024-34338
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...
📄 Backdoor.Win32.Netbus.170 Blind Command Execution
This Metasploit module provides historical/educational exploitation of the Backdoor.Win32.Netbus.170 trojan, originally discovered in 1998. It represents a legacy proof-of-concept rather than a modern offensive security tool...
EUVD-2024-34731
Malicious code in bioql PyPI...
EUVD-2024-36171
Malicious code in bioql PyPI...
CVE-2024-36061
EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities...
EnGenius EnStation5-AC A8J-ENS500AC 安全漏洞
The EnGenius EnStation5-AC A8J-ENS500AC is a wireless access point from EnGenius. A security vulnerability exists in the EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0, which originates from allowing blind injection of operating system commands via shell metacharacters in the parameters Ping a...
PT-2024-26872 · Engenius · Engenius Enstation5-Ac
Name of the Vulnerable Software and Affected Versions: EnGenius EnStation5-AC A8J-ENS500AC version 1.0.0 Description: The issue allows blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. This can potentially be exploited to execute unauthorized commands on t...
TOTOLINK 9.x Command Injection
============================================================================================================================================= | Title : TOTOLINK 9.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...
Exploit for OS Command Injection in Ivanti Cloud_Services_Appliance
CVE-2024-8190: Ivanti Cloud Service Appliance Authenticated Co...
CVE-2024-36604
Tenda O3V2 v1.0.0.123880 was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges...
CVE-2024-36604
Tenda O3V2 v1.0.0.123880 was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges...
CVE-2024-36604
Tenda O3V2 v1.0.0.123880 was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges...
PT-2024-27092 · Tenda · Tenda O3V2
Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: The issue is related to a Blind Command Injection via the stpEn parameter in the SetStp function, allowing attackers to execute arbitrary commands with root privileges. Recommendations: For Tenda...
CVE-2024-34338
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...
CVE-2024-34338
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...
CVE-2024-34338
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...
CVE-2024-34338
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...
CVE-2023-33270
An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection blind...
CVE-2023-33270
An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection blind...
CVE-2023-33271
An issue was discovered in DTS Monitoring 3.57.0. The parameter commonname within the SSL Certificate check function is vulnerable to OS command injection blind...