CVE-2024-47462
CVE-2024-47462 affects Hewlett Packard Enterprise Aruba Instant AOS-8 and AOS-10, describing an arbitrary file creation vulnerability in the CLI that could allow an authenticated remote attacker to create arbitrary files and, per the advisory, lead to remote code execution on the underlying OS. T...
CVE-2024-47462 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to remote command execution (RCE) on the underlying...
CVE-2024-47461 Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to...
CVE-2023-29120 Unauthorized Remote Command Execution in Enel X Juicebox
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system...
PT-2024-8272 · NetGear · Netgear R6400 +3
Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Netgear XR300 version 1.0.3.78 Netgear R7000P version 1.3.3.154 Netgear R6400 v2 version 1.0.4.128 Description: A command injection vulnerability was discovered in the wlg adv.cgi component of Netgear routers,...
Hewlett Packard Enterprise ArubaOS Security Vulnerability
HPE ArubaOS is a networked wireless operating system from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise ArubaOS that stems from an arbitrary file creation vulnerability, which can be exploited by an attacker to allow a...
PT-2024-8320 · NetGear · Netgear R8500
Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands by sending a specially...
VulnCheck KEV: CVE-2023-28769
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device...
Tenda AX2 Pro Operating System Command Injection Vulnerability
Tenda AX2 Pro is an entry-level Gigabit Wi-Fi 6 router for home users from Tenda China. The Tenda AX2 Pro suffers from an operating system command injection vulnerability that an attacker can exploit to execute commands by crafting a malicious payload...
MAL-2024-12287 Malicious code in hmac2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 055915f62eab8a5fe37b7501a3ed565a2aba267bdd69e82acaa13525bacf41a1 The package contains obfuscated code that exfiltrates basic data and then executes commands delivered from a remote server --- Category: MALICIOUS - The campaign...
A vulnerability in the HBS 3 Hybrid Backup Sync backup and disaster recovery software allows an attacker to execute arbitrary commands on QNAP network devices.
The vulnerability in the HBS 3 Hybrid Backup Sync backup and disaster recovery software is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-9704 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue is related to the ldap search dn function in the mainfunction.cgi script of the Draytek Vigor3900 web interface. It allows attackers to inject malicious commands and execute arbitrary...
CVE-2023-33246
A vulnerability was found in Apache RocketMQ where, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. This flaw allows an attacker to use...
CyberPanel Security Vulnerability
CyberPanel is a web hosting control panel with built-in DNS and email servers by Usman Nasir, an individual developer. CyberPanel has a security vulnerability that originates from getresetstatus in dns/views.py that allows remote attackers to bypass authentication and execute arbitrary commands v...
A vulnerability in the SetGuestZoneRouterSettings function of the D-Link DIR-822 and DIR-878 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the SetGuestZoneRouterSettings function of the D-Link DIR-822 and DIR-878 router firmware lies in the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
PT-2024-7401
Name of the Vulnerable Software and Affected Versions: HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673 Description: The issue is related to an OS command injection vulnerability. This vulnerability could allow remote attackers to execute commands. It is reported that over 113,000 instances...
A vulnerability in the ate_iwpriv_set() and ate_ifconfig_set() functions (/goform/ate) of the Tenda AC1206 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the ate_iwpriv_set() and ate_ifconfig_set() functions (/goform/ate) of the Tenda AC1206 router firmware is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the web-based management interface of Cisco Firepower Management Center software allows an attacker to execute arbitrary commands.
The vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software involves deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
A vulnerability in the firmware of the ABB AC 800M controller is related to errors in processing input data and allows an attacker to execute arbitrary commands.
The vulnerability in the ABB AC 800M controller’s firmware is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted MMS packets remotely...