15286 matches found
A vulnerability in the upgrade_handler() function in the firmware of Netgear WG302v2 and Netgear WAG302v2 allows an attacker to execute arbitrary commands.
The vulnerability in the upgrade_handler function of Netgear WG302v2 and Netgear WAG302v2 routers stems from a failure to neutralize special elements when processing the firmwareRestore and firmwareServerip parameters. Exploiting this vulnerability allows a remote attacker to execute...
A vulnerability in the cgi-bin/hosts_dns.tcl component of the Gaia Portal web interface allows an attacker to execute arbitrary commands on the operating systems of Quantum Security Gateways and Quantum Appliances.
The vulnerability in the cgi-bin/hosts_dns.tcl component of the Gaia Portal configuration web interface on the operating system of Quantum Security Gateways and Quantum Appliances stems from a failure to neutralize special elements used in operating system command processing when handling the...
PT-2023-4532 · Phoenix Contact · Phoenix Contact Wp 6Xxx Series Web Panels
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT WP 6xxx series web panels versions prior to 4.0.10 Description: The issue is related to the SNMP daemon running with root privileges, allowing a remote attacker with knowledge of the SNMPv2 read/write community string to execu...
CVE-2023-38943
ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini...
PT-2023-26700 · Unknown · Shuize 0X727
Name of the Vulnerable Software and Affected Versions: ShuiZe 0x727 version 1.0 Description: A remote command execution issue was found in the component /iniFile/config.ini, allowing for potential exploitation. Recommendations: For ShuiZe 0x727 version 1.0, consider restricting access to the...
CVE-2023-38943
ShuiZe_0x727 v1.0 contains a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. CVSS 3.1 metrics indicate NETWORK vector, high impact to confidentiality, integrity, and availability (8.8). No remediation details or in‑the‑wild exploitation information are provided...
CVE-2023-33374
Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote...
CVE-2023-33377
Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices...
CVE-2023-33376
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices...
Command injection
Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote...
CVE-2023-38941
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/adminview.py - GoodsCreateView.post...
Command injection
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/adminview.py - GoodsCreateView.post...
PT-2023-24323 · Unknown · Connected Io
Name of the Vulnerable Software and Affected Versions: Connected IO versions 2.1.0 and prior Description: The issue allows attackers to execute arbitrary OS commands on devices, resulting in arbitrary remote command execution. This is due to a command in the communication protocol that enables th...
WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...
CVE-2023-33374
Connected IO v2.1.0 and earlier are vulnerable due to a command in the communication protocol that allows the management platform to specify arbitrary OS commands for devices to execute, causing arbitrary remote command execution. Affected component: the device communication protocol in Connected...