Fortinet FortiWeb - Restricted user can execute arbitrary commands with root privileges (OS command injection). (FG-IR-20-120)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-120 advisory. - An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9...
Fortinet FortiWeb OS command injection vulnerability (FG-IR-21-116)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-116 advisory. - An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9...
Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100
Summary dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations Vulnerability Details CVEID:CVE-2017-16100 DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...
Apache HugeGraph Server 1.0.x < 1.3.0 (CVE-2024-27348)
The version of Apache HugeGraph Server installed on the remote host is prior to 1.3.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27348 advisory. - RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server:...
The vulnerability of the PFE (evo-pfemand) control daemon in JunOS Evolved operating systems allows an intruder to trigger a service failure.
The vulnerability of the PFE evo-pfemand control daemon for JunOS Evolved is related to the unrestricted allocation of resources. Exploiting this vulnerability allows a malicious actor to cause service failures by executing arbitrary commands through the command line interface, or by sending...
CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
The vulnerability in the genie_fix2.cgi script of the NETGEAR EX6120 firmware allows a hacker to execute arbitrary commands.
The vulnerability of the genie_fix2.cgi script in the firmware of NETGEAR EX6120 routers is related to the failure to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the wandns1pri parameter...
The vulnerability in the operating_mode.cgi script of the firmware of NETGEAR EX6120, EX6100, and EX3700 routers allows a hacker to execute arbitrary commands.
The vulnerability of the operating_mode.cgi script in the firmware of NETGEAR routers such as the EX6120, EX6100, and EX3700 is related to the lack of measures taken to protect data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-8798 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A vulnerability was discovered in the "capture packages" operation of...
The vulnerability of the SetVirtualServerSettings() function in the prog.cgi script of the D-Link DIR-878 and DIR-882 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the SetVirtualServerSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the Routed PON Controller Software component in the Cisco IOS XR operating system of Cisco NCS 540 Series Routers, NCS 5500 Series Routers, and NCS 5700 Series Routers allows attackers to execute arbitrary commands.
The vulnerability of the Routed PON Controller Software in Cisco IOS XR routers from the Cisco NCS 540 Series, NCS 5500 Series, and NCS 5700 Series routers exists due to the lack of measures taken to neutralize specific elements used in the operating system commands. Exploiting this vulnerability...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 Versions 1.0.0 https://github.com/grec...
The vulnerability of the SetPortForwardingSettings() function in the prog.cgi script of the D-Link DIR-878 and DIR-882 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the SetPortForwardingSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists because measures to neutralize special elements used in operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41694)
The D-Link DIR-878 is a wireless router. The D-Link DIR-882 is a dual-band wireless router. A command injection vulnerability exists in the D-Link DIR-878 and D-Link DIR-882, which can be exploited by an attacker to execute arbitrary operating system commands via a constructed POST request...
PT-2024-8828 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the doPPPo function in the mainfunction.cgi script of the DrayTek Vigor 3900 router...
CVE-2024-10119
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests...
PT-2024-16041 · Secom · Wrtm326
Name of the Vulnerable Software and Affected Versions: SECOM WRTM326 wireless router affected versions not specified Description: The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by...
CVE-2023-32193
A vulnerability has been identified in which unauthenticated cross-site scripting XSS in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...