CVE-2021-20074

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands...

ALEOS Stack Overflow Vulnerability

ALEOS is an integrated development environment for building customized embedded M2M applications. A stack overflow vulnerability exists in the AT command interface in ALEOS versions prior to 4.11.0, which can be exploited by an attacker to execute code...

ALEOS stack overflow vulnerability (CNVD-2020-48628)

ALEOS is an integrated development environment for building customized embedded M2M applications. A stack overflow vulnerability exists in the AT Command API in ALEOS versions prior to 4.11.0, which can be exploited by an attacker to execute code...

CVE-2019-11850

A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution...

CVE-2019-11853

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4...

CVE-2019-11853

ALEOS AT command interface exposes several potential command injection vulnerabilities in versions prior to 4.11.0 and 4.9.4. Connected CNVD/NVD entries confirm the issue affects ALEOS and reference affected versions; no additional exploitation details are provided in the sources. Remediation gui...

CVE-2019-11850

CVE-2019-11850 is about a stack overflow in the AT command interface of ALEOS before version 4.11.0. The vulnerability exists in ALEOS, an embedded M2M development environment, and can lead to remote code execution, with exploitation demonstrated in versions prior to 4.11.0 per CNVD-2020-48629 an...

CVE-2019-19834

Directory Traversal in ruckuscli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable-debug-script-exec with ../../../bin/sh as the parameter...

Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model:...

Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery

Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem...

Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE router which ...

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

Auditing Web Applications Firewalls: LightBulb

Auditing Web Applications Firewalls LightBulb is an open source python framework for auditing web applications firewalls Web Applications Firewalls WAFs are fundamental building blocks of modern application security. For example, the PCI standard for organizations handling credit card transaction...

Cisco IP Interoperability and Collaboration System Local Elevation of Privilege Vulnerability

The Cisco IP Interoperability and Collaboration System is a set of solutions that provide voice interoperability across different systems based on IP standards. A local elevation of privilege vulnerability exists in the Cisco IP Interoperability and Collaboration System command-line CLI, which...

AVM Fritz!Box Arbitrary Command Execution Vulnerability

AVM Fritz!Box is a router product from the German company AVM. The AVM Fritz!Box cgi-bin/webcm URI fails to adequately filter shell metacharacters in the 'var:lang' parameter, presenting an arbitrary command execution vulnerability that could be exploited by a remote attacker to submit a special...

Oracle Linux 7 : qemu-kvm (ELSA-2015-0349)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0349 advisory. - Resolves: bz1169456 CVE-2014-8106 qemu-kvm: qemu: cirrus: insufficient blit region checks rhel-7.1 - Resolves: bz1163078 CVE-2014-7840 qemu-kvm: qemu...

RedHat Update for qemu-kvm RHSA-2015:0349-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for qemu-kvm RHSA-2014:0927-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VMware Backdoor Response Uninitialized Memory Potential VM Break

VMware Backdoor Response Uninitialized Memory Potential VM Break Derek Soeder [email protected] Reported: December 5, 2011 Published: May 3, 2012 AFFECTED VENDOR --------------- VMware, Inc. AFFECTED ENVIRONMENTS --------------------- The following VMware product versions are known to be...