15280 matches found
PMB platform Code Issue Vulnerability
PMB platform is a free document management software from PMB Inc. A code issue vulnerability exists in PMB platform versions 4.0.10 through 4.2.13, which stems from the presence of an unrestricted file upload that could allow an attacker to upload a file in order to gain remote access to the...
The vulnerability in the Palo Alto Networks Expedition configuration migration tool lies in its failure to neutralize special elements used in the underlying operating system, allowing attackers to execute arbitrary commands.
The vulnerability in the Palo Alto Networks Expedition configuration migration tool lies in the lack of measures taken to neutralize special elements used in the underlying operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2025-0356
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows an attacker to execute arbitrary OS commands via the network...
Phiewer Security Vulnerability
Phiewer is a macOS image viewer from Phiewer Inc. A security vulnerability exists in Phiewer version 4.1.0, which stems from a dylib injection that results in command execution, which can lead to remote control and unauthorized access to sensitive user data...
NEC Aterm WX1500HP OS Command Injection Vulnerability
The NEC Aterm WX1500HP is a wireless router from Nippon Electric NEC. An operating system command injection vulnerability exists in NEC Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier, which originates from allowing an attacker to execute arbitrary OS commands over the...
VulnCheck KEV: CVE-2022-44149
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...
DrayTek Vigor 1.5.1.1 (CVE-2020-19664)
The version of DrayTek Vigor installed on the remote host is prior to 1.5.1.1. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-19664 advisory. - DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...
CVE-2024-57473
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to...
CVE-2024-57471
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST...
CVE-2024-57479
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/we...
CVE-2024-57480
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs...
PT-2025-3454 · H3C · H3C N12
Name of the Vulnerable Software and Affected Versions: H3C N12 version V100R005 Description: The issue is due to a lack of length verification in the 5G wireless network processing function, which can cause a buffer overflow. Attackers who successfully exploit this can cause the remote target...
PT-2025-7557 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 multi Description: The issue is related to a remote code execution RCE problem. In the formexeCommand function, the parameter cmdinput can cause remote command execution. Recommendations: For Tenda AC6 version...
PT-2025-2546 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A vulnerability exists in the set nas function of nas.cgi, allowing for external configuration control. This can be exploited through a specially crafted HTTP request, potentially leading...
GestioIP OS Command Injection Vulnerability
GestioIP is a web-based IPv4/IPv6 address management software from GestioIP. A security vulnerability exists in GestioIP version v3.5.7 that originates in the file upload feature and leads to remote command execution...
The vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers allows a hacker to execute arbitrary commands.
The vulnerability in the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands using a specially created IPMI...
The vulnerability in the firmware of the Four-Faith F3x24 and Four-Faith F3x36 routers arises from the failure to take measures to neutralize special elements used in the operating system's commands. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of the Four-Faith F3x24 and Four-Faith F3x36 routers lies in the lack of measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...