The vulnerability of the Quick.cgi file allows attackers to execute arbitrary commands on QTS, QuTS hero, and QuTScloud operating systems for network devices from Qnap.
The vulnerability of the Quick.cgi file in the QTS, QuTS hero, and QuTScloud operating systems for network devices from Qnap stems from the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this...
The vulnerability of the uHTTPd web server in the firmware of the TP-Link ER7206 Omada VPN router allows a hacker to execute arbitrary commands.
The vulnerability of the uHTTPd web server of the TP-Link ER7206 Omada wireless router exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through ports 80/443 remotely...
The vulnerability of the uHTTPd web server in the firmware of TP-Link ER7206 Omada VPN routers allows attackers to execute arbitrary commands.
The vulnerability of the uHTTPd web server of the TP-Link ER7206 Omada wireless router exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through ports 80/443 remotely...
Debian dsa-5625 : engrampa - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5625 advisory. - Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full...
SUSE-SU-2024:0513-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.11; Migrate from RHEL and its clones to SUSE Liberty Linux; Reboot required indication for non-SUSE distributions; SSH key rotation for enhanced security; Configure remote command execution; End of Debian 1...
The vulnerability of the Photo Station photo storage app, which stems from the lack of protective measures for the website structure, allows attackers to execute arbitrary commands.
The vulnerability of the Photo Station photo storage application is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Fedora 38 : engrampa (2024-8dc64f8f59)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8dc64f8f59 advisory. - update to 1.26.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Fedora 39 : engrampa (2024-23085d548c)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-23085d548c advisory. - update to 1.26.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
A vulnerability in the QuTS hero, QTS, and QuTScloud operating systems for network devices allows attackers to execute arbitrary commands
The vulnerability of the QuTS hero, QTS, and QuTScloud operating systems for network devices is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the gena.cgi module in D-Link DAP-1650 wireless access points allows an intruder to execute arbitrary commands.
The vulnerability of the gena.cgi module in D-Link DAP-1650 wireless access points is related to improper validation of input data during the processing of UPnP SUBSCRIBE messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using specially crafted data...
The vulnerability of the UPnP SUBSCRIBE Message Handler component in the wireless access points from D-Link, such as the DAP-1650, allows a hacker to execute arbitrary commands.
The vulnerability of the UPnP SUBSCRIBE Message Handler component in D-Link DAP-1650 wireless access points is related to improper input validation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using specially crafted data...
The vulnerability of XWiki Admin Tools, an administrative tool of the XWiki Platform for creating collaborative web applications, allows a perpetrator to execute arbitrary commands.
The vulnerability of the XWiki Admin Tools administrative tool, a component of the XWiki Platform for creating collaborative web applications, is related to insufficient verification of the authenticity of executed queries. Exploiting this vulnerability could allow a malicious actor, operating...
The vulnerability in the web interface of the firmware of the Cisco WAP371 wireless router allows a hacker to execute arbitrary commands.
The vulnerability in the web-based management interface of the Cisco WAP371 wireless router involves a lack of measures for securing input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the graphical interface of the FortiSIEM security management system allows a hacker to execute arbitrary commands.
The vulnerability of the FortiSIEM security management graphical interface is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the firmware of TP-Link Wi-Fi routers such as Archer AX3000, Archer AX5400, DECO XE200, DECO X50, Archer AXE75 allows an intruder to execute arbitrary commands.
The vulnerability of TP-Link Archer AX3000, Archer AX5400, DECO XE200, DECO X50, and Archer AXE75 Wi-Fi routers exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
SUSE CVE-2023-32193
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...
The vulnerability of the syncNtpTime() function in the SystemHandler.class.php script of the software for backup and recovery, Vinchin Backup & Recovery, allows a perpetrator to execute arbitrary commands.
The vulnerability of the syncNtpTime function in the SystemHandler.class.php script of the software for backup and recovery solutions, Vinchin Backup & Recovery, is related to the failure to eliminate special elements used in the operating system’s command processing when handling the ntphost...
The vulnerability of the setNetworkCardInfo() function in the Vinchin Backup & Recovery software allows a hacker to execute arbitrary commands.
The vulnerability of the setNetworkCardInfo function in the Vinchin Backup & Recovery software relates to the lack of measures taken to neutralize special elements used in the operating system’s command when processing the NAME parameter. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the Vinchin Backup & Recovery backup and restoration software, related to the lack of measures for cleaning input data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Vinchin Backup & Recovery backup and restoration software involves a lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary commands...
DLink DIR-610 Multiple Vulnerabilities
The version of DLink installed on the remote host is unsupported and affected by multiple vulnerabilities as referenced in the vendor advisory. - D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php - D-Link DIR-610 devices allow Information Disclosure via...