15286 matches found
A vulnerability in the httpd next_page function in the firmware of Yifan YF325 industrial Wi-Fi routers allows an attacker to execute arbitrary commands.
The vulnerability in the httpd next_page function in the firmware of Yifan YF325 industrial Wi-Fi routers relates to reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the nvram.cgi component of the software of Yifan YF325 industrial Wi-Fi routers allows an attacker to execute arbitrary commands.
The vulnerability of the nvram.cgi component of Yifan YF325 industrial Wi-Fi routers is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the diag_ping_start function (validate.so) in the firmware of Yifan YF325 industrial Wi-Fi routers allows an attacker to execute arbitrary commands.
The vulnerability in the diag_ping_start function in the validate.so library of Yifan YF325 industrial Wi-Fi routers relates to a lack of data sanitization at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the printer web page module (ARM) of Honeywell PM43 allows an attacker to execute arbitrary commands.
The vulnerability in the printer web page module (ARM) of Honeywell PM43 is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
Exploit for OS Command Injection in Wago Compact_Controller_100_Firmware
WAGO-CVE-2023-1698 WAGO system remote code execution vulnerability CVE-2023-1698 Attention...
CVE-2022-2441
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...
CVE-2022-2441 ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...
PT-2023-6355 · Connectize · Connectize Ac21000 G6
Name of the Vulnerable Software and Affected Versions: Connectize AC21000 G6 version 641.139.1.1256 Description: An issue in the Connectize AC21000 G6 allows attackers to run arbitrary commands via a crafted string in the ping utility. The vulnerability is caused by weaknesses in the authorizatio...
CVE-2023-35084
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely...
CVE-2023-35084
CVE-2023-35084 affects Ivanti Endpoint Manager (including 2022 SU3 and older versions). The issue is unsafe deserialization of user input, allowing an attacker to remotely execute commands or potentially read/exfiltrate data on the core server. Impact is described as high (remote code execution a...
CVE-2023-34975
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected. We have already fixed the vulnerability in the following...
A vulnerability in Atos Unify OpenScape 4000, a hybrid communication platform, and Atos Unify OpenScape 4000 Manager, a centralized network management platform, allows attackers to execute arbitrary commands.
The vulnerability in Atos Unify OpenScape 4000, a hybrid communication platform, and Atos Unify OpenScape 4000 Manager, a centralized network management platform, is related to insufficient sanitization of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary...
CVE-2023-35055
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the nextpage parameter in the...
CVE-2023-35056
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the nextpage parameter in the...
Buffer overflow
A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the nextpage parameter in the...
Peplink Surf SOHO HW1 Operating System Command Injection Vulnerability
The Peplink Surf SOHO HW1 is a small router from Peplink. An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write function of Peplink Surf SOHO HW1 v6.3.5. An attacker can exploit this vulnerability to execute command...
A vulnerability in the communication protocol implementation of the ER2000 router firmware, related to the injection or modification of arguments, allows an attacker to execute arbitrary OS commands on devices.
The vulnerability in the communication protocol implementation of the firmware of Connected IO routers involves the injection or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary OS commands on devices remotely...
CVE-2023-45312
In the mtprotoproxy aka MTProto proxy component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability...