24 matches found
Nginx UI Code Injection Vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a code injection vulnerability. This vulnerability stemmed from the backup restoration endpoint POST /api/restore, which operates without authentication within the first 10 minutes after the process...
CVE-2025-52989 Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configuration
An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafted...
CVE-2024-36555
Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh and Forever KidsWatch Call Me 2 KW-60 R36CWYDES4A292V1.02023.05.2422.49.44cobb allows malicious users to change the device IMEI-number which allows for forging the identity of the device...
WAVLINK AC3000 External Configuration Control Vulnerability
WAVLINK AC3000 is a wireless router from the Chinese company Ruiyin (WAVLINK). The WAVLINK AC3000 suffers from an external configuration control vulnerability that stems from the openvpn.cgi openvpnclientsetup function failing to properly filter special characters, commands, etc. used to construct commands. The...
Cisco NX-OS Software OS Command Injection Vulnerability
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco. A command injection vulnerability exists in Cisco NX-OS Software, which arises from insufficient validation of parameters passed to specific configuration CLI commands, and...
PT-2023-28003 · Brocade · Brocade Fabric Os
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions 9.0 through 9.2.0a Description: A segmentation fault can occur in Brocade Fabric OS through the passwdcfg command. This could allow an authenticated privileged user to crash a Brocade Fabric OS switch using the cli...
Cisco Firepower Threat Defense Software Privilege Escalation (cisco-sa-ftd-mgmt-privesc-7GqR2th)
A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...
CVE-2022-35161
GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp...
CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command...
CVE-2021-30260
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IO...
Multiple Qualcomm Products Input Validation Error Vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated (USA): a way to miniaturize circuits (mainly semiconductor devices, but also passive components, etc.), often fabricated on the surface of semiconductor wafers. A security vulnerability exists in Qualcomm chips that stems from improper...
CVE-2021-1421
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
Command injection
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
CVE-2021-1421 Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could...
Oracle Linux 6 : ntp (ELSA-2017-3071)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3071 advisory. - add disable monitor to default ntp.conf (CVE-2013-5211) - fix buffer overflow in datum refclock driver (CVE-2017-6462) - fix crash with invalid unpeer...
ntp: ntpd crash when processing config commands with statistics type
It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command...
op5 7.1.9 Configuration Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'op5 v7.1.9 Configuration Command Execution', 'Description' = %q op5 an open source network monitoring software. The configurati...
CVE-2016-2055
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command...