Lucene search

43 matches found

Cvelist
added 2023/03/13 8:22 p.m., 13 views

CVE-2023-0351

The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions...

CVSS 8.8 | AI score 9.1 | EPSS 0.02052
Exploits: 0 | References: 1
Vulnrichment
added 2023/03/13 8:22 p.m., 8 views

CVE-2023-0351

The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions...

CVSS 8.8 | AI score 7.4 | EPSS 0.02052
Exploits: 0 | References: 1
CVE
added 2023/03/13 8:22 p.m., 51 views

CVE-2023-0351

The CVE-2023-0351 issue affects Akuvox E11 (all versions) where the web server backend library allows command injection in the device’s phone-book contacts functionality, enabling an attacker to upload files with executable command instructions. Public sources cite a high-severity CVSSv3.1 base s...

CVSS 8.8 | AI score 9 | EPSS 0.02052
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/03/10 12:0 a.m., 1 views

Akuvox E11 Command Injection Vulnerability

Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. The Akuvox E11 suffers from a command injection vulnerability that stems from a web server backend library that allows command injection in the device's phonebook contact feature. This could allow an...

CVSS 8.8 | AI score 8 | EPSS 0.02052
Exploits: 0 | References: 3
Prion
added 2022/05/26 8:15 p.m., 8 views

Privilege escalation

An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file...

CVSS 6.8 | AI score 7.8 | EPSS 0.00311
Exploits: 1 | References: 1 | Affected Software: 1
GithubExploit
added 2021/12/27 4:45 p.m., 554 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

l4spoc Log4Shell Cve-2021-44228 Proof Of Concept This is a...

CVSS 10 | AI score 9.6 | EPSS 0.94358
Exploits: 341
CNVD
added 2021/12/02 12:0 a.m., 13 views

Elecom Edwrc Operating System OS Command Injection Vulnerability

The Elecom Edwrc is a series of routers from Elecom Japan. The Elecom Edwrc suffers from an operating system command injection vulnerability that originates from a network system or product not properly filtering specific elements of the data entered externally to the ELECOM router during the...

CVSS 8 | AI score 8.1 | EPSS 0.0124
Exploits: 0 | References: 1
CNVD
added 2021/02/25 12:0 a.m., 18 views

D-Link DAP-1860 Remote Code Execution Vulnerability (CNVD-2022-38539)

The D-Link DAP-1860 is a WiFi range extender from D-Link, a Taiwan-based company. A remote code execution vulnerability exists in the D-Link DAP-1860, which stems from a network system or product that does not properly filter external input data during the construction of executable commands, and...

CVSS 8.8 | AI score 3.5 | EPSS 0.15591
Exploits: 0 | References: 1
CNVD
added 2020/09/09 12:0 a.m., 1 views

Siemens License Management Utility (LMU) Elevation of Privilege Vulnerability

License Management Utility LMU is a unified license management system for Siemens Building Automation products such as Desigo CC and ABT. An elevation of privilege vulnerability exists in Siemens License Management Utility LMU. This allows a locally authenticated attacker to execute arbitrary...

CVSS 7.8 | AI score 7.6 | EPSS 0.00047
Exploits: 0 | References: 1
ATTACKERKB
added 2020/04/21 12:0 a.m., 320 views

CVE-2020-10569

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...

CVSS 10 | AI score 9.9 | EPSS 0.94469
In wild | Exploits: 47 | References: 3
Tenable Nessus
added 2019/08/16 12:0 a.m., 417 views

Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path Traversal (CVE-2019-11510)

Binary data pulseconnectsecurepathtraversal.nbin...

CVSS 10 | AI score 9 | EPSS 0.94462
Exploits: 22 | References: 4
CNVD
added 2019/07/22 12:0 a.m., 2 views

Citrix Systems SD-WAN Center and NetScaler SD-WAN Center Command Injection Vulnerabilities

Citrix Systems SD-WAN Center is a centralized management system from Citrix Systems USA. The system is primarily used to configure, monitor and analyze all Citrix SD-WAN devices on the WAN. A command injection vulnerability exists in Citrix Systems SD-WAN Center versions 10.2.x prior to 10.2.3 an...

CVSS 10 | AI score 7.7 | EPSS 0.91303
Exploits: 1 | References: 1
CNVD
added 2019/07/16 12:0 a.m., 2 views

Vivotek FD8136 Command Injection Vulnerability (CNVD-2019-22783)

Vivotek FD8136 is a hemispherical network camera from Vivotek, Taiwan, China. A command injection vulnerability exists in the Vivotek FD8136. The vulnerability arises from a network system or product not properly filtering specific elements of externally input data during the construction of...

CVSS 10 | AI score 7.8 | EPSS 0.14101
Exploits: 0 | References: 1
Metasploit
added 2018/05/14 6:31 p.m., 49 views

Sudo Commands

This module examines the sudoers configuration for the session user and lists the commands executable via sudo. This module also inspects each command and reports potential avenues for privileged code execution due to poor file system permissions or permitting execution of executables known to be...

AI score 8
Exploits: 0
Prion
added 2017/11/07 4:29 p.m., 10 views

Design/Logic Flaw

An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability...

CVSS 6.1 | AI score 6.7 | EPSS 0.00325
Exploits: 2 | References: 1 | Affected Software: 1
UbuntuCve
added 2008/09/04 5:41 p.m., 12 views

CVE-2008-3904

src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment LXDE allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...

CVSS 7.5 | AI score 6.1 | EPSS 0.00684
Exploits: 1 | References: 1
Saint
added 2007/11/23 12:0 a.m., 43 views

Oracle XDB component PITRIG_DROPMETADATA buffer overflow

Added: 11/23/2007 CVE: CVE-2007-4517 BID: 26374 OSVDB: 39918 Background The PITRIGDROPMETADATA function is included in the XDB.XDBPITRIGPKG package which is included with Oracle Database. Problem A buffer overflow vulnerability in the PITRIGDROPMETADATA function allows remote, authenticated...

CVSS 6 | AI score 7.4 | EPSS 0.5118
Exploits: 8
CVE
added 2007/09/23 11:0 p.m., 88 views

CVE-2001-1583

CVE-2001-1583 affects the Solaris in.lpd (lpd) daemon shipped with Sun Solaris up to version 8.0. A crafted job request with a malformed control file, not correctly handled when lpd calls a mail program, allows remote command execution. Exploitation has been demonstrated in public advisories and ...

CVSS 10 | AI score 7.5 | EPSS 0.49276
Exploits: 7 | References: 6 | Affected Software: 1
securityvulns
added 2000/12/05 12:0 a.m., 22 views

ezmlm-cgi

Package : ezmlm-0.53 and below ezmlm-cgi Announced: 2000-12-05 Ezmlm is an easy to use mailing list manager for qmail. It ships with a cgi application to allow for list archiving and reviewal over the web. Documentation states that the cgi should be installed suid root, but in real world...

AI score 0.5
Exploits: 0
exploitpack
added 2000/05/22 12:0 a.m., 14 views

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow (3)

S.u.S.E Linux 4.x5.x6.x7.0 Slackware 3.x4.0 Turbolinux 6 OpenLinux 7.0 - fdmount Local Buffer Overflow 3 // source: https://www.securityfocus.com/bid/1239/info A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying ...

AI score 0.1
Exploits: 0