Lucene search
K

15 matches found

EUVD
EUVD
added 2026/03/19 1:0 a.m.5 views

EUVD-2026-13037

OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution...

7.8CVSS6AI score0.00241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/15 3:52 p.m.2 views

CVE-2021-47781 Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)

Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer...

9.8CVSS6.8AI score0.0025EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/06/10 12:0 a.m.6 views

The vulnerability of the sync_time() function in the router_command.sh script of Quantenna’s Wi-Fi chip microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the synctime function in the routercommand.sh script of Quantenna’s Wi-Fi chip microprogramming software is related to the implementation or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

7.7CVSS5.8AI score0.00614EPSS
Exploits0References3Affected Software7
BDU FSTEC
BDU FSTEC
added 2025/06/10 12:0 a.m.7 views

The vulnerability of the get_file_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows a hacker to execute arbitrary commands.

The vulnerability of the getfilefromqtn function in the routercommand.sh script of the Quantenna Wi-Fi chip’s microprogramming system is related to the implementation or modification of arguments. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...

7.7CVSS5.8AI score0.00626EPSS
Exploits0References3Affected Software7
Vulnrichment
Vulnrichment
added 2025/06/08 9:4 p.m.3 views

CVE-2025-32459 ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection

The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the synctime argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...

7.7CVSS7.9AI score0.00614EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/08 9:4 p.m.18 views

CVE-2025-32458 ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection

The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getsyslogfromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...

7.7CVSS0.00626EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/08 12:0 a.m.4 views

Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞

Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the synctime parameter of the...

7.8CVSS7AI score0.0097EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/06/08 12:0 a.m.4 views

Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞

Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the getsyslogfromqtn parameter in the...

7.8CVSS7AI score0.0097EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/04/01 12:0 a.m.8 views

The vulnerability in the cmd.cgi script of Netgear WNR854T router software allows a hacker to execute arbitrary commands.

The vulnerability in the cmd.cgi script of Netgear WNR854T router microprogramming software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS5.9AI score0.01002EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/09/20 1:15 a.m.19 views

CVE-2023-38886

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script...

7.2CVSS7.4AI score0.2875EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.4 views

SAMSUNG sww-3400rw 跨站脚本漏洞

The SAMSUNG sww-3400rw Router is a wireless router from Samsung South Korea. The SAMSUNG sww-3400rw suffers from a cross-site scripting vulnerability that originates from cross-site scripting via the m2 parameter of sess-bin/command.cgi...

6.1CVSS5.9AI score0.00347EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2021/06/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-24581

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It contains an executecmd.cgi feature that is not reachable via the web user interface that lets an authenticated user execute Operating System commands...

8CVSS7.3AI score0.12649EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.6 views

The vulnerability of the “cgi-bin/execute_cmd.cgi” implementation of D-Link DSL-2888A router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the “cgi-bin/executecmd.cgi” implementation of D-Link DSL-2888A router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute...

8CVSS7.8AI score0.12649EPSS
Exploits1References5
OSV
OSV
added 2019/12/05 9:15 p.m.2 views

DEBIAN-CVE-2012-1115

A Cross-Site Scripting XSS vulnerability exists in LDAP Account Manager LAM Pro 3.6 in the export, addvalueform, and dn parameters to cmd.php...

6.1CVSS6.1AI score0.01576EPSS
Exploits0References1
OSV
OSV
added 2006/12/28 9:28 p.m.1 views

DEBIAN-CVE-2006-6799

SQL injection vulnerability in Cacti 0.8.6i and earlier, when registerargcargv is enabled, allows remote attackers to execute arbitrary SQL commands via the 1 second or 2 third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are...

7.5CVSS8.8AI score0.02443EPSS
Exploits0References1
Rows per page
Query Builder