15280 matches found
CVE-2024-51772 Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE)
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2024-51772
CVE-2024-51772 is an authenticated RCE vulnerability affecting Aruba ClearPass Policy Manager’s web-based management interface. The provided documents describe that authenticated users can remotely execute arbitrary commands on the underlying operating system, leading to potential full compromise...
Zyxel VMG4005-B50A Security Vulnerability
The Zyxel VMG4005-B50A is a modem from China Heqin Zyxel. A security vulnerability exists in Zyxel VMG4005-B50A V5.15 ABQA.2.2 version C0 and earlier versions. An attacker could exploit the vulnerability to execute operating system commands on a vulnerable device...
The vulnerability of Dell Enterprise SONiC operating systems lies in the lack of measures to neutralize special elements used in the operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of Dell Enterprise SONiC operating systems lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-9673 · Ruijie · Ruijie Reyee Os
Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x Description: The issue is related to the use of an inherently dangerous function in Ruijie Reyee OS, which could allow an attacker to send a malicious MQTT message, resulting in...
Vulnerabilities fixed in IBM Security Verify Access Appliance
IBM has fixed vulnerabilities in IBM Security Verify Access Appliance Versions 10.0.0 to 10.0.8. The vulnerabilities include an ability for remote authenticated attackers to execute arbitrary commands on the system, privilege escalation for locally authenticated non-administrative users through...
The vulnerability of the ping_v4 and ping_v6 functions of D-Link DIR-820L router firmware, allowing a hacker to execute arbitrary commands.
The vulnerability of the ping_v4 and ping_v6 functions in D-Link DIR-820L router firmware is related to the lack of measures taken at the control level when processing the pingaddr parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the LDAP authentication mechanism implemented in the Pandora FMS system for monitoring and managing IT environments allows a perpetrator to execute arbitrary commands on the server.
The vulnerability of the LDAP authentication mechanism in the Pandora FMS system for monitoring and managing IT environments is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitra...
CVE-2024-49803
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
The vulnerability of the doPPPo function in the mainfunction.cgi script of the DrayTek Vigor 3900 router software allows a hacker to execute arbitrary commands.
The vulnerability of the doPPPo function in the mainfunction.cgi script of the DrayTek Vigor 3900 router software exists due to the failure to eliminate special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerabilities of the firmware of the multifunctional wireless access points Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allow attackers to execute arbitrary commands.
The vulnerability of the firmware in multifunctional wireless access points Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the capture_packages function in multifunctional wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows an intruder to execute arbitrary commands.
The vulnerability of the capture_packages function in multifunctional wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO is related to the lack of measures to neutralize special elements. Exploiting this vulnerability could allow a remote attacker to execute...
CVE-2024-31976
EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter...
EnGenius EWS356-FIT Security Vulnerability
The EnGenius EWS356-FIT is an indoor wireless access point from EnGenius. A security vulnerability exists in the EnGenius EWS356-FIT version 1.1.30 and prior versions. A remote attacker could exploit the vulnerability to execute arbitrary operating system commands via the controller connection...
PT-2024-24330
Name of the Vulnerable Software and Affected Versions EnGenius EWS356-FIR versions 1.1.30 and earlier Description The issue allows a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. This enables the attacker to gain unauthorized access and control over t...
Exploit for CVE-2023-38646
CVE-2023-38646-PoC-Metabase Proof-of-Concept script for exploi...
CVE-2024-50371
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote...
D-Link DI-8200 Command Injection Vulnerability
The D-Link DI-8200 is an enterprise router from China-based AUO D-Link. The D-Link DI-8200 suffers from a command injection vulnerability that stems from a remote command execution vulnerability in the flag parameter and cmd parameter of the mspinfohtm function. No details of the vulnerability ar...
The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response solutions lies in the lack of data cleansing at the control level, allowing attackers to execute arbitrary commands.
The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response involves a lack of data cleansing measures at the control level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the LibreNMS network monitoring system, related to the failure to take measures to neutralize special elements, allows a violator to execute arbitrary commands.
The vulnerability of the LibreNMS network monitoring system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...