64 matches found
PT-2024-1833
Name of the Vulnerable Software and Affected Versions Totolink X6000R AX3000 version 9.4.0cu.852 20230719 Description An issue exists in the shttpd component due to insufficient input validation. A remote attacker can exploit this by manipulating the setWizardCfg function within the...
CVE-2023-22816
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
CVE-2023-22816
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
Command injection
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
CVE-2023-22816 Limited Post-Authentication Remote Command Injection in My Cloud Products
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
CVE-2023-22816 Limited Post-Authentication Remote Command Injection in My Cloud Products
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
CVE-2022-29842
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...
Command injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...
CVE-2022-29842 Command Injection Vulnerability in Western Digital My Cloud devices
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before...
PT-2023-3460 · Western Digital · My Cloud Os
Name of the Vulnerable Software and Affected Versions: My Cloud OS 5 versions prior to 5.26.300 Description: The issue is related to a lack of data cleaning measures at the management level in My Cloud OS, which can be exploited by a remote attacker to execute arbitrary commands. Specifically, it...
TOTOLINK NR1800X UploadFirmwareFile Command Injection Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK. designed to provide fast and easy deployment of NR fixed data services in homes and offices. A command injection vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which originates from t...
The vulnerability of the File Manager web interface for system administration on UNIX-like operating systems, such as Webmin, allows a perpetrator to escalate their privileges or execute arbitrary code.
The vulnerability of the File Manager web interface for system administration in UNIX-like operating systems, such as Webmin, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to increase their privileges or execute arbitrary code by...
CVE-2020-8263
A vulnerability in the authenticated user web interface of Pulse Connect Secure 9.1R9 could allow attackers to conduct Cross-Site Scripting XSS through the CGI file...
CVE-2020-8263
A vulnerability in the authenticated user web interface of Pulse Connect Secure 9.1R9 could allow attackers to conduct Cross-Site Scripting XSS through the CGI file...
CVE-2020-8263
A vulnerability in the authenticated user web interface of Pulse Connect Secure 9.1R9 could allow attackers to conduct Cross-Site Scripting XSS through the CGI file...
CVE-2019-9624
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...
CVE-2019-9624
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI...
CVE-2019-9624
CVE-2019-9624 affects Webmin up to version 1.900 (and lower per sources). An authenticated user with the Upload and Download privilege can upload a crafted .cgi file via the /updown/upload.cgi URI, which enables remote code execution on the server. Exploitation is described as an authenticated RC...
Webmin Arbitrary Code Execution Vulnerability
Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. An arbitrary code execution vulnerability exists in Webmin 1.900. A remote attacker can use the "Java File Manager" and "Upload and Download" privileges to uploa...
Usermin 1.750 - Remote Command Execution Exploit
Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...