15280 matches found
A vulnerability in the command-line interface (CLI) of the Instant AOS-8 and AOS-10 operating systems allows an attacker to execute arbitrary commands
The vulnerability in the command-line interface (CLI) of the Instant AOS-8 and AOS-10 operating systems is related to the lack of restrictions on the loading of files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-50388
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...
CVE-2024-50393 QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and...
CVE-2024-50393
CVE-2024-50393 is a command-injection vulnerability reported to affect QNAP QTS and QuTS hero OS families. The issue may allow remote attackers to execute arbitrary commands via network access, with a low attack complexity and no privileges required, potentially impacting confidentiality, integri...
CVE-2024-50388
CVE-2024-50388 is an OS command injection vulnerability affecting HBS 3 Hybrid Backup Sync. The vulnerability could allow remote code execution; affected versions are those prior to 25.1.1.673, with fixes in 25.1.1.673 and later. Public disclosures in multiple feeds corroborate remote-command execu...
CVE-2024-50388 HBS 3 Hybrid Backup Sync
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...
CVE-2024-47133
UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands...
PT-2024-22288 · Unknown · Image Access Scan2Net
Name of the Vulnerable Software and Affected Versions: Image Access Scan2Net (affected versions not specified). Description: An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg events.php" script as the www-data...
I-O Data Device UD-LT1 and I-O Data Device UD-LT1/EX Security Vulnerability
I-O Data Device UD-LT1 and I-O Data Device UD-LT1/EX are both products of I-O Data Device Japan. I-O Data Device UD-LT1 is a hybrid LTE router. I-O Data Device UD-LT1/EX is a hybrid LTE router and is the successor to the IO DATA UD-LT1 router. A security vulnerability exists in I-O Data Device UD-L...
VulnCheck KEV: CVE-2021-20617
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...
A vulnerability in the SSH network protocol implementation in the firmware of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 allows an attacker to execute arbitrary commands.
The vulnerability in the SSH network protocol implementation in the firmware of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the lack of measures to neutralize special elements used in operating system commands...
CVE-2024-51465
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
PT-2024-9294 · Qlik · Qlik Sense Enterprise For Windows
Name of the Vulnerable Software and Affected Versions: Qlik Sense Enterprise for Windows versions prior to November 2024 IR Description: The issue allows unprivileged users with network access to execute remote commands, potentially causing high availability damages, including high integrity and...
PT-2024-34641 · Ibm · Ibm App Connect Enterprise Certified Container
Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions 11.4 through 12.3 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This could potentially...
A vulnerability in the “host” parameter of the web interface for controlling Zyxel network devices allows an attacker to execute arbitrary commands.
The vulnerability in the host parameter of the web interface for controlling Zyxel network devices is related to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router’s software allows an attacker to execute arbitrary commands.
The vulnerability in the cgi-bin/cstecgi.cgi script of the TOTOLINK X18 Wi-Fi router software is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the SetWanSettings function of the D-Link DIR-823G router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the SetWanSettings function of the D-Link DIR-823G router firmware is related to the failure to neutralize special elements used in operating system commands when processing the HostName parameter. Exploiting this vulnerability allows a remote attacke...
CVE-2024-51772 Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...