15286 matches found
CVE-2023-37424
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerabilit...
CVE-2023-23564
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands...
CVE-2023-4212 Trane Thermostats Injection
A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick...
PT-2023-25956 · Riverbed · Edgeconnect Sd-Wan Orchestrator
Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator (affected versions not specified). Description: A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...
PT-2023-27298 · Cbc · Cbc
Name of the Vulnerable Software and Affected Versions: CBC products (affected versions not specified). Description: A hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. The vendor has...
PT-2023-25952 · Aruba · Edgeconnect Sd-Wan Orchestrator
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect SD-WAN Orchestrator (affected versions not specified). Description: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary comman...
PT-2023-25955 · Unknown · Edgeconnect Sd-Wan Orchestrator
Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful...
CVE-2023-25915
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system...
CVE-2023-25915 Authenticated Remote Command Execution in Danfoss AK-SM800A
Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system...
CBC AMERICA Multiple Products Security Vulnerability
CBC AMERICA DR series and CBC AMERICA NR series are a series of digital video recorders from CBC AMERICA. A security vulnerability exists in a number of CBC AMERICA products. The vulnerability stems from the presence of an unknown function, which can be exploited by a remote attacker to execute...
CBC AMERICA Multiple Products Authorization Issue Vulnerability
CBC AMERICA DR series and CBC AMERICA NR series are a series of digital video recorders from CBC AMERICA. A security vulnerability exists in a number of CBC AMERICA products due to incorrect authentication, which can be exploited by a remote attacker to execute arbitrary operating system commands...
Malicious code in marvelmaniac-devvit-rce (npm)
Source: ossf-package-analysis (db9d8f161a565dceb33bc07806d7e65aae706550b73220940a4ff28cf2a50d5f). The OpenSSF Package Analysis project identified 'marvelmaniac-devvit-rce' @ 1.0.3 npm as malicious. It is considered malicious because: - The...
PT-2023-27246 · Elecom · Elecom Wrc-F1167Acf +3
Name of the Vulnerable Software and Affected Versions: ELECOM WRC-F1167ACF (all versions), ELECOM WRC-1750GHBK (all versions), ELECOM WRC-1167GHBK2 (all versions), ELECOM WRC-1750GHBK2-I (all versions), ELECOM WRC-1750GHBK-E (all versions). Description: An OS command injection vulnerability in ELECOM wireless L...
CVE-2023-38902
CVE-2023-38902 describes a command injection in Ruijie RG-EW/RG-NBS/RG-S1930/RG-EG/EAP/RAP/NBC devices. Affected are RG-EW series (EW 3.0(1)B11P219), RG-NBS/S1930 (3.0(1)B11P219), RG-EG (3.0(1)B11P219), EAP/RAP (3.0(1)B11P219), and NBC controllers (AC 3.0(1)B11P219). The root cause is a vulnerabi...
PT-2023-25366 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 10.6 through 11.5. Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For versions 10.6 through 11.5...
A vulnerability in the Network Time Protocol determination function of the Zyxel NBG6604 switch allows an attacker to execute operating system commands.
A vulnerability in the Network Time Protocol (NTP) function of the Zyxel NBG6604 switch makes it possible to execute commands. Exploiting this vulnerability allows a remote attacker to execute operating system commands by sending a specially crafted HTTP request...
A vulnerability in the SaveUserSetting component of the SolarWinds Orion Platform software monitoring solution allows an attacker to execute arbitrary commands.
A vulnerability in the SaveUserSetting component of the SolarWinds Orion Platform software stems from the improper execution of certain actions. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...
Zyxel NBG6604 OS Command Injection Vulnerability
The Zyxel NBG6604 is a dual-band wireless router from China's Hopkins Zyxel. The Zyxel NBG6604 V1.01ABIR.1C0 suffers from a command injection vulnerability that stems from a failure to properly filter special characters, commands, etc. when constructing commands in the NTP function. An attacker can...