15280 matches found
PT-2024-2094 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: The issue is related to authenticated command injection vulnerabilities in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to...
Easywall 0.3.1 - Authenticated Remote Command Execution Exploit
Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3 urllib3.disablewarnin...
Easywall 0.3.1 Remote Command Execution
Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Date: 30-11-2023 Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3...
Easywall 0.3.1 - Authenticated Remote Command Execution
Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Date: 30-11-2023 Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3...
A vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP network devices allows an attacker to execute arbitrary commands.
The vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of network devices such as ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...
CVE-2023-25925
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632...
PT-2024-12080 · Ibm · Ibm Security Guardium Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 3.0 through 4.1.1 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For...
The vulnerability of the CMS system BaserCMS arises from the lack of measures taken to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.
The vulnerability of the CMS system BaserCMS exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2024-26294
CVE-2024-26294 affects Aruba Networks’ ClearPass Policy Manager Web UI. The vulnerability allows remote authenticated users to execute arbitrary commands on the underlying host with root privileges, potentially leading to full system compromise. Public details consistently describe this remote co...
Aruba Networks ClearPass Policy Manager Security Vulnerability
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba Networks ClearPass Policy Manager that stems from a web-based management interface that allows an authenticated...
PT-2024-21339 · Aruba · Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: ClearPass Policy Manager affected versions not specified Description: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successf...
A vulnerability in the setWizardCfg function in the /cgi-bin/cstecgi.cgi file of the shttpd component of the TOTOLINK X6000R AX3000 router's firmware allows an attacker to execute arbitrary commands.
The vulnerability of the setWizardCfg function in the /cgi-bin/cstecgi.cgi file of the shttpd component of the TOTOLINK X6000R AX3000 router software lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the Task Manager module of the VitalPBX unified communication system allows an attacker to execute arbitrary commands.
The vulnerability of the Task Manager module of the VitalPBX unified communication system is related to errors in access control due to insufficient protection of service data during script processing from the /var/lib/vitalpbx directory. Exploiting this vulnerability allows a remote attacker to...
CVE-2023-49959
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.AutoSpy.10 Vulnerability: Unauthenticated Remote Command Execution...
Tenda AC23 schedStartTime Parameter Stack Buffer Overflow Vulnerability
Tenda AC23 is a dual-band wireless router from Tenda that supports 802.11ac Wave 2 technology with dual-band concurrent transmission rates up to 2033 Mbps, including up to 1733 Mbps in the 5 GHz band, which is suitable for high-bandwidth applications such as 4K video and online live streaming. The Ten...
Debian dla-3741 : engrampa - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3741 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3741-1 [email protected] https://www.debian.org/lts/security/...
VulnCheck KEV: CVE-2020-15916
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter...
PT-2024-1833
Name of the Vulnerable Software and Affected Versions Totolink X6000R AX3000 versions 9.4.0cu.852 20230719 Description A critical issue exists in the setWizardCfg function of the shttpd component, located in the /cgi-bin/cstecgi.cgi file. This is due to a lack of input validation, which allows fo...