FileCatalyst Workflow ftpservlet file upload

Added: 04/08/2024 Background FileCatalyst Workflow is a managed file transfer product. Problem The ftpservlet component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads...

PT-2024-5338 · Adtran · Adtran 834-5

Name of the Vulnerable Software and Affected Versions: Adtran 834-5 versions 11.1.0.101-202106231430 SmartOS versions prior to 12.6.3.1 Description: The issue is related to the Ping and Traceroute utilities in the SmartOS operating system of AdTran SRG 834-5 Wi-Fi routers. It allows OS Command...

The vulnerability of the web application of the software platform for centralized management and monitoring of data storage resources in heterogeneous environments, Veritas InfoScale Operations Manager, allows a perpetrator to execute arbitrary commands.

The vulnerability of the web application of the centralized management and monitoring software for data storage resources in heterogeneous environments like Veritas InfoScale Operations Manager exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerabili...

The vulnerability in the web interface for controlling the Flowmon operating system of network monitoring devices allows a perpetrator to execute arbitrary commands.

The vulnerability of the web interface for controlling the Flowmon operating system in devices for network monitoring exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute...

Metasploit Weekly Wrap-Up 04/05/2024

New ESC4 Templates for AD CS Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the adcscerttemplates module which enables users to read and write certificate template...

PT-2024-23609 · Unknown · Ros Kinetic Kame

Name of the Vulnerable Software and Affected Versions: ROS Kinetic Kame affected versions not specified Description: A remote command execution issue has been identified. The estimated number of potentially affected devices worldwide is not available. Details about real-world incidents where this...

PT-2024-6456 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 versions up to 20240814...

PT-2024-21010 · Elecom · Wmc-X1800Gst-B +2

Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers versions prior to v1.25 WRC-G01-W versions prior to v1.24 WMC-X1800GST-B versions prior to v1.41 Description: The issue allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending...

PT-2024-6453 · D Link · D-Link Dns-321 +16

Name of the Vulnerable Software and Affected Versions: D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 affected versions not specified...

The vulnerability of the QuMagie multimedia file storage application for QNAP NAS stems from the failure to take measures to neutralize special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of the QuMagie multimedia file storage application for QNAP NAS exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

The vulnerability of the vpnAction function (/itbox_pi/vpn_quickset_service.php?a=set_vpn) in the microprogramming software for Ruijie’s RG-EG series routers allows a hacker to execute arbitrary commands.

The vulnerability of the vpnAction function /itboxpi/vpnquicksetservice.php?a=setvpn of the Ruijie RG-EG series router microprogramming software is related to the failure to eliminate special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to...

The vulnerability of the formWriteFacMac function (/goform/WriteFacMac) in the Tenda AC7 router software allows a attacker to execute arbitrary commands.

The vulnerability of the fromSetRouteStatic /goform/SetStaticRouteCfg function in the Tenda AC7 router software relates to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the setAction function (/itbox_pi/networksafe.php?a=set) in the Ruijie RG-EG series of router microprogramming software allows a attacker to execute arbitrary commands.

The vulnerability of the setAction function /itbox.pi.networksafe.php?a=set in the Ruijie RG-EG series of router microprogramming systems is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote...

WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...

The vulnerability of the formWriteFacMac function (/goform/WriteFacMac) in the Tenda F1202 router software allows a attacker to execute arbitrary commands.

The vulnerability of the formWriteFacMac function /goform/WriteFacMac in the Tenda F1202 router software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker to execute arbitrary commands remotely...

The vulnerability of the formWriteFacMac() function (/goform/WriteFacMac) in the Tenda FH1205 router software allows a hacker to execute arbitrary commands.

The vulnerability of the formWriteFacMac function /goform/WriteFacMac of the Tenda FH1205 router’s software lies in the lack of measures taken to neutralize special elements used in the OS commands when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execut...

Exploit for Server-Side Request Forgery in Anyscale Ray

PoC for a remote command execution vulnerability in Ray framew...

SUSE CVE-2024-3019

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

WatchGuard XTM Firebox Unauthenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'WatchGuard XTM Firebox Unauthenticated Remote Command Execution', 'Description' = %q This module exploits a buffer overflow at the...

The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.

The vulnerability of the platform interface for deploying and managing LoadMaster applications exists due to the lack of measures taken to neutralize the special elements used in the operating system command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...