CVE-2023-33831
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...
FUXA Command Injection Vulnerability
FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA version 1.1.13, which stems from a remote command execution (RCE) vulnerability in the /api/runscript endpoint. An attacker can exploit the vulnerability to execute arbitrary...
CVE-2023-33831
CVE-2023-33831 affects FUXA 1.1.13 via the unauthenticated /api/runscript endpoint, enabling remote code execution through a crafted POST request. The underlying issue allows attackers to execute arbitrary commands, potentially compromising the SCADA/HMI system. Affected component: runscript API ...
The vulnerability of the XML-RPC protocol implementation in the network printing control software PaperCut NG allows a hacker to execute arbitrary commands.
The vulnerability of the XML-RPC protocol implementation in the PaperCut NG network printing control software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2023-42362
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file...
PT-2023-28323 · Unknown · Teller Web App
Name of the Vulnerable Software and Affected Versions: Teller Web App version 4.4.0. Description: An arbitrary file upload vulnerability allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. Recommendations: For Teller Web App version...
The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services stems from deficiencies in access control. This allows attackers to execute arbitrary commands with superuser privileges.
The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with superuser privileges remotely...
The vulnerability of the Traffic Analyzer – Statistical function in the firmware of the ASUS RT-AC86U Wi-Fi router allows a hacker to execute arbitrary commands or cause service failures.
The vulnerability of the Traffic Analyzer – Statistical function in the firmware of the ASUS RT-AC86U Wi-Fi router relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a remote...
PT-2023-5241 · 1с · 1С-Битрикс
Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the landing module of the 1С-Битрикс site management system. Exploitation of this issue m...
CVE-2023-41331
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...
Deserialization of untrusted data
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...
CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...
CVE-2023-41331
Summary: CVE-2023-41331 affects SOFARPC, a Java RPC framework. Versions before 5.11.0 are vulnerable to remote command execution via deserialization, enabling JNDI injection or system command execution through crafted payloads. The default blacklist for dangerous classes is incomplete, allowing g...
SOFARPC Security Vulnerabilities
SOFARPC is a high-performance, highly scalable, production-grade Java RPC framework for SOFAStack. A security vulnerability exists in SOFARPC versions prior to 5.11.0 that stems from vulnerability to remote command execution attacks, where an attacker can leverage certain native JDK classes and...
PT-2023-6281 · Honeywell · Honeywell Pm43
Name of the Vulnerable Software and Affected Versions: Honeywell PM43 versions prior to P10.19.050004. Description: The issue is related to an Improper Input Validation vulnerability in the Honeywell PM43 printer's web page modules, allowing Command Injection. This can enable a remote attacker to...
CVE-2023-40193
Deco M4 firmware versions prior to 'Deco M4JPV21.5.8 Build 20230619' allow a network-adjacent authenticated attacker to execute arbitrary OS commands...
SolarView Compact 6.00 Remote Command Execution Exploit
This Metasploit module exploits a command injection vulnerability in the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running, typically as...