83 matches found
Western Digital MyCloud NAS - Command Injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data. id: CVE-2016-10108 info: name: Western Digital MyCloud NAS - Command Injection author: DhiyaneshDk severity: critical...
TOTOLINK A3700R - Command Injection
An issue in TOTOLINK A3700R v.9.1.2u.616520211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. id: CVE-2023-46574 info: name: TOTOLINK A3700R - Command Injection author: DhiyaneshDk severity: critical description: | An issue in...
SolarView 6.00 - Remote Command Execution
SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...
EUVD-2021-22801
Malware in sbrugna...
EUVD-2019-15198
Malware in sbrugna...
Wavlink AC3000 touchlist_sync.cgi touchlistsync() command injection vulnerability
Talos Vulnerability Report TALOS-2024-2000 Wavlink AC3000 touchlist_sync.cgi touchlistsync command injection vulnerability January 14, 2025 CVE Number CVE-2024-34166 SUMMARY An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync functionality of Wavlink AC3000...
Wavlink AC3000 nas.cgi remove_dir() Command Injection Vulnerability
Talos Vulnerability Report TALOS-2024-2054 Wavlink AC3000 nas.cgi remove_dir Command Injection Vulnerability January 14, 2025 CVE Number CVE-2024-39360 SUMMARY An OS command injection vulnerability exists in the nas.cgi remove_dir functionality of Wavlink AC3000 M33A8.V5030.210505. A specially...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary Multiple base image vulnerabilities were addressed in IBM Event Processing version 1.2.2. Vulnerability Details CVEID:CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker to obtain sensitive information, caused by the binding on UDP INADDR_ANY:631 and trustin...
Security Bulletin: Multiple Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-22274, CVE-2024-22275, CVE-2024-37087]
Summary Vulnerabilities in Broadcom VMware vCenter affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22274 DESCRIPTION: Broadcom VMware vCenter Server and Cloud Foundation could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...
CVE-2024-33508
An improper neutralization of special elements used in a command 'Command Injection' vulnerability CWE-77 in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and temporary operations on the underlying database via crafted...
CVE-2024-33508
Fortinet FortiClientEMS is affected by CVE-2024-33508 through improper neutralization of special elements in a command, enabling an unauthenticated attacker to perform limited, temporary operations on the underlying database via crafted requests. Affected versions are FortiClientEMS 7.0.0–7.0.12 ...
CVE-2023-48791
An improper neutralization of special elements used in a command 'Command Injection' vulnerability CWE-77 in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted argument...
Command injection
An improper neutralization of special elements used in a command 'Command Injection' vulnerability CWE-77 in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted argument...
CVE-2023-48791
FortiPortal is affected by a Command Injection (CWE-77) in the Schedule System Backup page field. A remote authenticated attacker with at least read/write permissions can execute unauthorized commands on FortiPortal versions 7.2.0, 7.0.6 and below. Root cause: improper neutralization of special e...
Milesight UR32L libzebra.so change_hostname OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1699 Milesight UR32L libzebra.so change_hostname OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22659 SUMMARY An OS command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A...
Milesight UR32L ys_thirdparty user_delete OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1694 Milesight UR32L ys_thirdparty user_delete OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-23550 SUMMARY An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially...