PT-2024-5933 · D Link · D-Link Dir-846
Name of the Vulnerable Software and Affected Versions: D-Link DIR-846W A1 FW100A43 Description: The issue is a remote command execution vulnerability that can be exploited via a crafted POST request. It is related to the wl0.0 ssid parameter. This vulnerability allows a remote attacker to execute...
CVE-2024-44341
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...
PT-2024-5964 · D Link · D-Link Dir-846
Name of the Vulnerable Software and Affected Versions: D-Link DIR-846W A1 FW100A43 Description: The issue is related to a remote command execution vulnerability via the tomography ping address parameter in the /HNAP1/ interface. This vulnerability may allow a remote attacker to execute arbitrary...
Aruba 501 CN12G5W0XX Remote Command Execution
Exploit Title: Remote Command Execution | Aruba 501 Date: 17-07-2024 Exploit Author: Hosein Vita Vendor Homepage: https://www.hpe.com Version: Aruba 501 CN12G5W0XX Tested on: Linux import requests from requests.auth import HTTPBasicAuth def getinputprompt, defaultvalue: userinput = inputprompt...
Ray cpu_profile command injection
Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...
CVE-2024-44381
D-Link DI8004W 16.07.26A1 contains a command execution vulnerability in jhttpd mspinfohtm function...
Acronis Cyber Infrastructure 5.1.x < 5.1.1-71 / 5.2.x < 5.2.1-69 / 5.3.x < 5.3.1-53 / 5.4.x < 5.4.4-132 / < 5.0.1-61 (SEC-6452)
The version of Acronis Cyber Infrastructure installed on the remote host is prior to 5.0.1-61, 5.1.1-71, 5.2.1-69, 5.3.1-53, or 5.4.4-132. It is, therefore, affected by a vulnerability as referenced in the SEC-6452 advisory. - Remote command execution due to use of default passwords. The followin...
Remote Command Execution Vulnerability in H2 Component of e-cology Product of Panmicro Networks Technology Co.
e-cology is a new and efficient collaborative office system created by Panavision for medium and large organizations. A remote command execution vulnerability exists in the H2 component of the e-cology product of Panmicro Networks Technology Co. The vulnerability allows obtaining an administrator...
PT-2024-6664 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100G version 17.12.20A1 Description: The issue is related to a command injection vulnerability via the sub47A60C function in the upgrade filter.asp file. This vulnerability is associated with the failure to neutralize special...
PT-2024-14840 · Undefined · Undefined
"Source": "CVE FEED", "Title": "CVE-2023-5888 - Apache Web Server Remote Command Execution Vulnerability", "Content": "CVE ID : CVE-2023-5888 Published : Aug. 16, 2024, 7:15 p.m. | 38 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7246...
PT-2024-30218 · Tenda · Tenda Fh1201
Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: An issue in the handler function in "/goform/telnet" allows attackers to execute arbitrary commands via a crafted HTTP request. Recommendations: For Tenda FH1201 version 1.2.0.14, as a temporary...
The export function of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps is vulnerable, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the export function of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps relates to the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows an attacker operating...
Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/0fe8f37543e8face08941899add38e35.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Nightmare.25 Vulnerability: Unauthenticated Remote Command Execution Family:...
PT-2024-38516
Name of the Vulnerable Software and Affected Versions TeamT5 ThreatSonar Anti-Ransomware versions through 3.4.5 Description ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. This allows remote attackers with administrator privileges on the product...
Malicious code in artifact-lab-3-package-34b21b63 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a814378a8188b464c5289007203c2b20c3ec2a0383ee18bd96e0f41ad44d7982 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
PT-2024-41041 · Qtech · Qtech Gigabit Spf Wifi Gateway
Name of the Vulnerable Software and Affected Versions: Qtech Gigabit SPF WiFi Gateway affected versions not specified Description: The issue is related to inadequate access control in the Qtech Gigabit SPF WiFi Gateway's firmware, allowing a remote attacker to execute arbitrary commands on the...
CVE-2024-42366
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
CVE-2024-42366
Summary of CVE-2024-42366 (VR Overlay RCE) VRCX, a VRChat assistant/companion app, contained a vulnerability in versions prior to 2024.03.23 where a CefSharp browser with elevated privileges could be combined with an overlay notification to perform remote command execution (RCE). The issue is doc...