
15286 matches found

BDU FSTEC
added 2023/10/03 12:0 a.m. · 5 views

Vulnerability in the /Tool/uploadfile.php script of D-Link DAR-8000 and DAR-7000 router firmware, allowing attackers to execute arbitrary commands

The vulnerability in the /Tool/uploadfile.php script of D-Link’s DAR-8000 and DAR-7000 router firmware relates to the ability to download malicious files without restriction. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotely...

6.5 CVSS · 7.1 AI score · 0.3066 EPSS
Exploits 1 · References 5 · Affected Software 2

BDU FSTEC
added 2023/10/03 12:0 a.m. · 4 views

Vulnerability in the /useratte/userattestation.php script of the D-Link DAR-7000 router’s firmware, allowing an attacker to execute arbitrary commands

The vulnerability in the D-Link DAR-7000 router’s firmware, located in the /useratte/userattestation.php script, involves the unrestricted loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS · 7.2 AI score · 0.20998 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2023/09/27 3:18 p.m. · 22 views

CVE-2023-40044

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system...

10 CVSS · 9.6 AI score · 0.9015 EPSS
Exploits 5 · References 9

OSV
added 2023/09/27 3:18 p.m. · 5 views

CVE-2023-40044

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system...

8.8 CVSS · 6 AI score · 0.9015 EPSS
Exploits 5 · References 9

Vulnrichment
added 2023/09/27 2:48 p.m. · 11 views

CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system...

10 CVSS · 9.6 AI score · 0.9015 EPSS
Exploits 5 · References 8

CNNVD
added 2023/09/27 12:0 a.m. · 3 views

Progress Software WS_FTP Server Code Issue Vulnerability

Progress Software WS_FTP Server is an effective and highly manageable FTP server from Progress Software, USA. A code issue vulnerability exists in Progress Software WS_FTP Server versions prior to 8.7.4 and 8.8.2. An attacker can exploit this vulnerability to remotely execute arbitrary commands...

10 CVSS · 7.4 AI score · 0.9015 EPSS
Exploits 5 · References 9

BDU FSTEC
added 2023/09/26 12:0 a.m. · 3 views

Vulnerability in the RocketMQ messaging platform, related to improper management of code generation, allowing attackers to execute arbitrary commands

The vulnerability in the RocketMQ messaging platform is related to improper management of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

10 CVSS · 8.5 AI score · 0.96604 EPSS
Exploits 11 · References 8 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 5 views

Vulnerability in the snmp.php component of the Cacti network monitoring software, allowing an attacker to execute any command

The vulnerability in the snmp.php component of the Cacti network monitoring software is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

9 CVSS · 7.8 AI score · 0.82186 EPSS
Exploits 6 · References 2 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 5 views

Vulnerability in the HTTP application programming interface of the pgAdmin 4 database management tool, allowing an attacker to execute arbitrary commands on the server

The vulnerability in the HTTP application programming interface of the pgAdmin 4 database management tool relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the server remotely...

10 CVSS · 7.9 AI score · 0.0147 EPSS
Exploits 0 · References 5 · Affected Software 2

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

Vulnerability in the D-LINK DIR-806 wireless router’s firmware, arising from the lack of data sanitization at the control level, allowing attackers to execute arbitrary commands

The vulnerability in the D-LINK DIR-806 wireless router’s firmware is related to the lack of data sanitization at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the REMOTEPORT parameter...

8.5 CVSS · 8.2 AI score · 0.02403 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

Vulnerability in the D-LINK DIR-806 wireless router’s firmware, related to the lack of data sanitization at the control level, allowing attackers to execute arbitrary commands

The vulnerability in the D-LINK DIR-806 wireless router’s firmware is related to the lack of data sanitization at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the HTTPST parameter...

8.5 CVSS · 8.2 AI score · 0.0242 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

Vulnerability in the D-LINK DIR-806 wireless router’s firmware, arising from the lack of data sanitization at the control level, allowing attackers to execute arbitrary commands

The vulnerability in the D-LINK DIR-806 wireless router’s firmware is related to the lack of data sanitization at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.5 CVSS · 8.1 AI score · 0.02403 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/09/26 12:0 a.m. · 3 views

Vulnerability in the ct_command/fcct_command function of the Red Hat Satellite systems management software and the Foreman management, configuration, and monitoring application, allowing an attacker to execute arbitrary commands

The vulnerability in the ct_command/fcct_command function of the Red Hat Satellite system and the Foreman management, configuration, and monitoring application exists because measures to neutralize the special elements used in operating system commands have not been taken. Exploiting this...

8.5 CVSS · 8.1 AI score · 0.02172 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

Vulnerability in the tarExtract function of real-time operating systems like Wind River VxWorks, allowing attackers to execute arbitrary commands

The vulnerability in the tarExtract function of real-time operating systems like Wind River VxWorks relates to the ability to bypass the directory structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by supplying a malicious tar file...

8.3 CVSS · 7.9 AI score · 0.01239 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

Vulnerability in the TP-Link Deco M4 mesh system’s firmware, arising from the lack of measures to neutralize specific elements, allowing attackers to execute arbitrary commands

The vulnerability in the TP-Link Deco M4 mesh system’s firmware is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8 CVSS · 7.8 AI score · 0.0035 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2023/09/26 12:0 a.m. · 3 views

Vulnerability in the TP-Link Archer C20 router’s firmware, related to deficiencies in authentication procedures, allowing attackers to execute arbitrary commands

The vulnerability in the TP-Link Archer C20 router’s firmware is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted requests...

8.8 CVSS · 8 AI score · 0.00357 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/09/25 12:0 a.m. · 7 views

PT-2023-6719 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS version 7.25
Description: The issue is related to the exec function in the execQuoted method of the ilUtil class, which lacks input sanitization. This allows attackers to inject malicious commands into the system, potentially compromisi...

9 CVSS · 8.8 AI score · 0.00765 EPSS
Exploits 1 · References 9

Positive Technologies
added 2023/09/24 12:0 a.m. · 5 views

PT-2023-5603 · D Link · D-Link Dar-8000 +1

Name of the Vulnerable Software and Affected Versions:
D-Link DAR-7000 versions up to 20151231
D-Link DAR-8000 versions up to 20151231
Description: The issue is related to an unrestricted file upload vulnerability in the /sysmanage/updatelib.php file of the D-Link DAR-7000 and DAR-8000 router...

8.8 CVSS · 6.8 AI score · 0.32915 EPSS
Exploits 1 · References 10

Positive Technologies
added 2023/09/24 12:0 a.m. · 3 views

PT-2023-5602 · D Link · D-Link Dar-8000

Name of the Vulnerable Software and Affected Versions: D-Link DAR-8000 versions up to 20151231
Description: The issue is related to an unrestricted file upload vulnerability in the /sysmanage/changelogo.php file of the D-Link DAR-8000 router's firmware. This vulnerability can be exploited remotel...

8.8 CVSS · 6.7 AI score · 0.15082 EPSS
Exploits 0 · References 9

Positive Technologies
added 2023/09/24 12:0 a.m. · 4 views

PT-2023-5605 · D Link · D-Link Dar-7000

Name of the Vulnerable Software and Affected Versions: D-Link DAR-7000 versions up to 20151231
Description: The issue is related to an unrestricted file upload vulnerability in the /sysmanage/updateos.php file of the D-Link DAR-7000 router's firmware. This vulnerability can be exploited remotely,...

8.8 CVSS · 6.8 AI score · 0.26576 EPSS
Exploits 1 · References 10