15286 matches found
PT-2023-28078 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.3.1-9346-6 Description: The issue is related to improper neutralization of special elements used in an OS command, allowing remote authenticated users to execute arbitrary commands via unspecifi...
PT-2023-5317 · Acronis · Acronis Cloud Manager
Name of the Vulnerable Software and Affected Versions: Acronis Cloud Manager Windows versions before 6.2.23089.203 Description: The issue is related to remote command execution due to improper input validation. This allows a remote attacker to execute arbitrary commands. Recommendations: For...
PT-2023-5318 · Acronis · Acronis Cloud Manager
Name of the Vulnerable Software and Affected Versions: Acronis Cloud Manager Windows versions before 6.2.23089.203 Description: The issue is related to remote command execution due to improper input validation. This allows a remote attacker to execute arbitrary commands. Recommendations: For...
The vulnerability of the web interface of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, allows a perpetrator to execute arbitrary commands.
The vulnerability of the web interface for managing Cisco Intersight Virtual Appliance software lies in insufficient validation of input data during the extraction of loaded software packages. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the setTracerouteCfg function in the firmware of TOTOLINK EX1200L allows an intruder to execute arbitrary commands.
The vulnerability of the setTracerouteCfg function in the TOTOLINK EX1200L router firmware is related to errors in processing input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
CVE-2023-40837
Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin function 'subADD50' contains a command execution vulnerability. The "formSetIptv" function obtains the "list" and "vlanId" fields and passes them unfiltered as parameters to the "subADD50" function to execute commands...
PT-2023-6881 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: NagiosXI affected versions not specified Description: The issue is related to the failure to neutralize special elements in the software. This could allow a remote attacker to execute arbitrary commands. Recommendations: At the moment, there ...
The vulnerability of the /app/sys1.php script in the D-Link DAR-8000-10 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the /app/sys1.php script in the D-Link DAR-8000-10 router firmware is related to errors in processing the invoked URL address. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Remote Command Execution Vulnerability in NC Cloud of UFIDA Network Technology Co.
NC Cloud is a large-scale enterprise digital platform that deeply applies new-generation digital intelligence technology and is completely based on cloud-native architecture to create an open, interconnected, converged and intelligent integrated cloud platform. A remote command execution...
CVE-2023-38030
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions...
CVE-2023-22877
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368...
Saho ADM100 and ADM-100FP access control error vulnerability
Saho ADM100 and Saho ADM-100FP are both full-featured security appliances from China's Saho Corporation. An access control error vulnerability exists in the Saho ADM100 and ADM-100FP, which stems from the lack of authentication for critical functions, and can be exploited by remote attackers to...
PT-2023-5170 · Papercut · Papercut Ng
Name of the Vulnerable Software and Affected Versions: PaperCut NG versions 22.0.12 and below Description: The issue is related to the implementation of the XML-RPC protocol in PaperCut NG, which has weaknesses in its authentication procedure. This can allow a remote attacker to execute arbitrary...
The vulnerability of the web-based administration interface in the firmware of the industrial routers NB800, NG800, NB1601, NB1800, NB1810, NB2800, NB2810, NB3701, and NB3800 allows a hacker to execute arbitrary commands with elevated privileges.
The vulnerability of the web-based administration interface in the firmware of industrial routers such as NB800, NG800, NB1601, NB1800, NB1810, NB2800, NB2810, NB3701, and NB3800 exists due to the lack of measures taken to neutralize the special elements used in the operating syst...
CVE-2022-43907
IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901...
PT-2023-27640 · Phicomm · Phicomm K2
Name of the Vulnerable Software and Affected Versions: Phicomm k2 version 22.6.529.216 Description: The Phicomm k2 router contains a command injection vulnerability via the luci.sys.call function. This issue allows for remote command execution. Recommendations: For Phicomm k2 version 22.6.529.216...
PT-2023-27685
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn; Zyxel CPE affected versions not specified Description: A stack overflow issue was discovered in Tenda AC8 via the firewallEn parameter at the "/goform/SetFirewallCfg" API endpoint. For Zyxel CPE...