15286 matches found
The vulnerability of the function com.imc.iview.utils.CUtils.checkSQLInjection() in the system for centralized control of network devices and ports of Advantech iView allows an attacker to execute arbitrary SQL commands.
The vulnerability of the com.imc.iview.utils.CUtils.checkSQLInjection function in the system for managing network devices and ports of Advantech iView is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute...
Eramba 3.19.1 Remote Command Execution
Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...
CVE-2023-38303
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter...
Cross site scripting
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter...
PT-2023-4162 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: The issue is related to the lack of protection of the web page structure in the Webmin control panel, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This can be exploited to achieve...
Yunyecms SQL injection vulnerability
Yunyecms is a PHP-based platform for building branded websites for small and medium-sized businesses, from the individual developer of Yunyecms. A SQL injection vulnerability exists in Yunyecms version 2.0.2, which originated from allowing remote attackers to run arbitrary SQL commands via...
Webmin cross-site scripting vulnerability
Webmin is a set of Web-based system administration tools for use in Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.021, which stems from a stored cross-site scripting (XSS) attack that can be exploited to achieve Remote Command Execution R...
CVE-2023-38303
CVE-2023-38303 affects Webmin 2.021. A stored XSS in the Users and Groups real name parameter can lead to Remote Command Execution (RCE). Impact is described as RCE via authenticated user input; CVSS v3.1 base score 5.4 (MEDIUM). Public details from multiple sources confirm the vulnerability in W...
GHSA-2H26-QFXM-R3PQ Code injection in PowerJob
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...
PT-2023-26094 · Powerjob
Name of the Vulnerable Software and Affected Versions: PowerJob version 4.3.3 Description: A remote command execution issue was discovered, allowing exploitation via the instanceId parameter at the "/instance/detail" API endpoint. Recommendations: For PowerJob version 4.3.3, consider restricting...
CVE-2023-37754
CVE-2023-37754 affects PowerJob v4.3.3. The vulnerability is a remote command execution (RCE) via the instanceId parameter in the /instance/detail endpoint. The root cause is improper validation/filtering of constructor commands in the instanceId input, enabling arbitrary code/command execution o...
PT-2025-27626
Name of the Vulnerable Software and Affected Versions: Hikvision Integrated Security Management Platform (affected versions not specified) Description: An unauthenticated remote command execution issue exists in the applyCT component of the Hikvision Integrated Security Management Platform. This is d...
VMware Aria Operations For Networks Remote Command Execution Exploit
VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...
The vulnerability of the lxmldbc_system() function in D-Link DIR-600 B5 router software allows for the execution of arbitrary commands.
The vulnerability of the lxmldbc_system() function in D-Link DIR-600 B5 router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the access point management function in firmware for Zyxel USG FLEX, USG FLEX 50(W), USG20(W)-VPN, ATP, and VPN allows a hacker to execute arbitrary commands.
The vulnerability of the access point management function in Zyxel USG FLEX, USG FLEX 50W, USG20W-VPN, ATP, and VPN software for network devices is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...
The vulnerability of the Cloud Management mode of the Zyxel USG FLEX, USG FLEX 50(W), USG20(W)-VPN, ATP, and VPN software allows a hacker to execute arbitrary commands.
The vulnerability of the Cloud Management mode of Zyxel USG FLEX, USG FLEX 50W, USG20W-VPN, ATP, and VPN software lies in the lack of measures taken to neutralize the special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...