15280 matches found
A vulnerability in the firmware of the Osprey Pump Controller allows an intruder to execute arbitrary commands.
A vulnerability in the firmware of Osprey Pump Controller devices exists due to a failure to neutralize certain special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands via the HTTP POST parameter...
A vulnerability in the account_print.cgi component of the firmware for Zyxel USG FLEX and VPN devices allows an attacker to execute arbitrary commands.
A vulnerability in the accountprint.cgi component of Zyxel USG FLEX and VPN network devices stems from improper limitation of a pathname to the tmp directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the authentication function of the ASUS RT-AX55 router firmware allows an attacker to execute arbitrary commands.
A vulnerability in the authentication function of the ASUS RT-AX55 router software exists due to a failure to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the authentication function of the ASUS RT-AX55 router firmware allows an attacker to execute arbitrary commands.
A vulnerability in the authentication function of the ASUS RT-AX55 router software exists due to a failure to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the authentication function of the ASUS RT-AX55 router firmware allows an attacker to execute arbitrary commands.
A vulnerability in the authentication function of the ASUS RT-AX55 router software exists due to a lack of measures to neutralize the special elements used in an operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-48800
In TOTOLINK X6000R Firmware V9.4.0cu.852B20230719, the shttpd file sub417338 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability...
A vulnerability in the firmware of Zyxel NAS326 and NAS542 network storage devices exists due to a failure to neutralize special elements used in operating system commands. This allows an attacker to execute arbitrary operating system commands.
A vulnerability in Zyxel NAS326 and NAS542 network storage devices exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands by sending a special...
VulnCheck KEV: CVE-2023-45852
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method...
WBCE CMS 1.6.1 Shell Upload Vulnerability
Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1 Login with admin...
SUSE CVE-2023-30801
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
WBCE CMS 1.6.1 Shell Upload
Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...
CVE-2023-48810
In TOTOLINK X6000R V9.4.0cu.852B20230719, the sub4119A0 function in the shttpd file obtains fields from the front-end through the Uci Set The Str function; passing these fields to the CsteSystem function creates a command execution vulnerability...
PT-2023-7631 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version V9.4.0cu.852 B20230719 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands. The sub 4119...
PT-2023-7636 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...
PT-2023-7632 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 B20230719 Description: The issue arises from the sub 4119A0 function in the shttpd file, which obtains fields from the front-end through the Uci Set The Str function. When these fields are passed to the...
TOTOLINK X6000R Security Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R shttpd sub4119A0; a remote attacker can exploit it by submitting a special request to execute arbitrary commands in the application context...
CVE-2023-42004
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262...
IBM Security Guardium Security Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provides data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A CSV injection vulnerability exists in IBM Security Guardi...
CSZ CMS 1.3.0 Remote Command Execution Exploit
Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 17/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...
VulnCheck KEV: CVE-2023-6448
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which, if left unchanged, can allow attackers to execute remote commands...