The vulnerability of the version_upgrade.asp function in D-Link router microprogramming devices such as DI-7003G, DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows a hacker to execute arbitrary commands.

The vulnerability of the versionupgrade.asp function in D-Link router microprogramming devices such as DI-7003G, DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 is related to insufficient testing of the arguments passed in the command. Exploitation of this...

The vulnerability of the cgi_get_cooliris() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.

The vulnerability of the cgigetcooliris function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4...

The vulnerability of the cgiMovePhoto() function (/cgi-bin/photocenter_mgr.cgi) in the software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.

The vulnerability of the cgiMovePhoto function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,...

The vulnerability of the cgi_photo_search() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.

The vulnerability of the cgiphotosearch function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4...

The vulnerabilities of the functions cgi_create_playlist() and cgi_get_tracks_list() (/cgi-bin/MyMusic.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allow a malicious individual to execute arbitrary commands.

The vulnerabilities of the functions cgicreateplaylist and cgigettrackslist /cgi-bin/MyMusic.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343...

The vulnerability of the cgi_FMT_R12R5_3rd_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 devices allows a hacker to execute arbitrary commands.

The vulnerability of the cgiFMTR12R53rdDiskMGR function /cgi-bin/hdconfig.cgi in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04...

The vulnerability of the msp_info.htm file on the D-Link DI-8100G network device allows a hacker to bypass security restrictions and execute arbitrary commands.

The vulnerability of the mspinfo.htm file on the D-Link DI-8100G network device is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitra...

The vulnerability of the upgrade_filter_asp() function (located in the upgrade_filter.asp script) of the D-Link DI-8100 router software allows a hacker to execute arbitrary commands.

The vulnerability of the upgradefilterasp function located in the upgradefilter.asp script of D-Link DI-8100 routers is related to the lack of measures taken at the control level to clean up data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the msp_info_htm function in D-Link DI-8004W router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the mspinfohtm function in D-Link DI-8004W router microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the upgrade_filter_asp function in D-Link DI-8004W router software allows a hacker to execute arbitrary commands.

The vulnerability of the upgradefilterasp function in D-Link DI-8004W router microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the cgi_FMT_Std2R1_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 devices allows a hacker to execute arbitrary commands.

The vulnerability of the cgiFMTStd2R1DiskMGR function /cgi-bin/hdconfig.cgi in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04...

The vulnerability of the cgi_FMT_Std2R5_2nd_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 devices allows a hacker to execute arbitrary commands.

The vulnerability of the cgiFMTStd2R52ndDiskMGR function /cgi-bin/hdconfig.cgi in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04...

Command Injection

cups-filters is vulnerable to Command Injection. Any value passed to FoomaticRIPCommandLine via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE2024-47176, this can lead to remote command execution...

Improper Source Verification

cups-filter is vulnerable to Improper Source Verification. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source, and can cause the Get-Printer-Attributes IPP request to an attacker controlled URL. Due to the service binding to :631 INADDRANY , multiple bugs in...

CUPS cups-browsed input validation error vulnerability

CUPS is a standards-based open source printing system. An input validation error vulnerability exists in CUPS cups-browsed, which can be exploited by an attacker to remotely execute arbitrary commands on the target machine when starting a print job...

Backdoor.Win32.Benju.a MVID-2024-0700 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/88922242e8805bfbc5981e55fdfadd71.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Benju.a Vulnerability: Unauthenticated Remote Command Execution Family: Benju Typ...

CVE-2024-47177

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or CVE-2024-47176 instead of...

CVE-2024-47177

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or...

CVE-2024-47177

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or...

CVE-2024-47177

CVE-2024-47177 is rejected/not used; reference CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176.