15280 matches found
CVE-2024-42366 VR Overlay RCE
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to result in remote command execution. These vulnerabilities are patched in VRCX 2023.12.24. In additio...
The vulnerability in the web interface for controlling the Cisco AsyncOS operating system of the Cisco Secure Email Gateway allows an attacker to execute arbitrary system commands.
The vulnerability in the web interface of the Cisco AsyncOS operating system of the Cisco Secure Email Gateway lies in the improper elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrary system...
VRCX Security Vulnerability
VRCX is a helper/companion application for VRChat from the VRCX team. A security vulnerability exists in versions of VRCX prior to 2024.03.23, which stems from the fact that the CefSharp browser with over-privileges and cross-site scripting via override notifications can be used in combination to...
The vulnerability of the ssvpn_config_mod function in the /vpn/list_ip_network.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software allows a malicious actor to execute arbitrary commands.
The vulnerability of the ssvpn_config_mod function in the /vpn/list_ip_network.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software is related to the failure to eliminate special elements used in commands when processing parameters like template and...
The vulnerability of the `sslvpn_config_mod` function in the `/vpn/vpn_template_style.php` file of the web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 software is exploited by attackers to execute arbitrary commands.
The vulnerability of the sslvpn_config_mod function in the /vpn/vpn_template_style.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 routers is related to the failure to eliminate special elements used in commands when processing template and stylenum parameters. Exploiting th...
The vulnerability of the ssvpn_config_mod function in the /vpn/list_vpn_web_custom.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software allows a malicious actor to execute arbitrary commands.
The vulnerability of the ssvpn_config_mod function in the /vpn/list_vpn_web_custom.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software is related to the failure to eliminate special elements used in the command when processing parameters template and...
The vulnerability of the setTelnetCfg function in the Telnet service of TOTOLINK CP900 firmware allows an intruder to execute arbitrary commands.
The vulnerability of the setTelnetCfg function in the Telnet service of TOTOLINK CP900 router software lies in the lack of measures to sanitize input data during the processing of the telnetenabled parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
The vulnerability of the msp_info_htm() function in the msp_info.htm file of the D-Link DI-8100 router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the msp_info_htm function in the msp_info.htm file of the D-Link DI-8100 router’s firmware is related to the lack of data cleaning at the control level when processing the cmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the ssvpn_config_mod function in the /vpn/list_service_manage.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 integrated routing software allows a malicious actor to execute arbitrary commands.
The vulnerability of the ssvpn_config_mod function in the /vpn/list_ip_network.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 router integrated software is related to the failure to eliminate special elements used in commands when processing parameters like template and...
VulnCheck KEV: CVE-2023-52028
TOTOlink A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function...
CVE-2024-42393 Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
CVE-2024-42394 Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
CVE-2024-42395 Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...
SUSE CVE-1999-0155
The ghostscript command with the -dSAFER option allows remote attackers to execute commands...
PT-2024-28398 · Gl.Inet · X750 +19
Name of the Vulnerable Software and Affected Versions: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11 GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16 GL-iNet products XE300 version 4.3.16 GL-iNet products E750 version 4.3....
PT-2024-5395 · Raisecom · Raisecom Msg2200 +3
Name of the Vulnerable Software and Affected Versions: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 version 3.90 Description: A critical issue affects the sslvpn_config_mod function of the /vpn/list_ip_network.php file in the Web Interface component. The manipulation of the template and stylen...
CVE-2024-38887
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges...
CVE-2024-38882
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command...