VulnCheck KEV: CVE-2022-45699
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter...
PT-2023-9236 · Nexgen · Nextgen Mirth Connect
Name of the Vulnerable Software and Affected Versions: NextGen Mirth Connect version 4.3.0 Description: A remote command execution issue allows attackers to execute arbitrary commands on the hosting server. The vulnerability is related to the XStreamSerializer class and is due to a lack of data...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...
A vulnerability in the setTracerouteCfg function of the TOTOLINK X18 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the setTracerouteCfg function of the TOTOLINK X18 router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-27992
The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.14C0, NAS540 firmware versions prior to V5.21AATB.11C0, and NAS542 firmware versions prior to V5.21ABAG.11C0 could allow an unauthenticated attacker to execute some operating system OS...
Metasploit Weekly Wrap-Up
Metasploit T-Shirt Design Contest In honor of Metasploit's 20th anniversary, Rapid7 is launching special edition t-shirts - and we're inviting members of our community to have a hand in its creation. The contest winner will have their design featured on the shirts, which will then be available to...
Multiple vulnerabilities in Panasonic AiSEG2
Overview Panasonic AiSEG2 contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-28726 Improper Authentication CWE-287 - CVE-2023-28727 Taku Toyama of NEC Corporation reported CVE-2023-28726 and CVE-2023-28727 vulnerabilities to Panasonic and coordinated. Panasonic...
PT-2023-24001 · L7 Networks · L7 Networks Instantqos Iq-8000 +1
Name of the Vulnerable Software and Affected Versions: L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 affected versions not specified Description: The file uploading function in the affected devices does not properly restrict the upload of files with dangerous types. This allows an...
A vulnerability in the D-Link DIR-842V2 router firmware, related to a lack of data sanitization at the control level, allows attackers to execute arbitrary commands.
The vulnerability in the D-Link DIR-842V2 router firmware is related to a lack of data sanitization at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by importing a specially created binary file...
A vulnerability in the Hitron CODA-5310 cable gateway arises from a failure to neutralize special elements used in operating system commands. This allows an attacker to execute arbitrary commands.
The vulnerability in the Hitron CODA-5310 cable gateway exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
A vulnerability in the WlanNetworkRpm component (/userRpm/WlanNetworkRpm.htm) in the software of TP-Link routers such as TL-WR940N, TL-WR740N, and TL-WR841N allows an attacker to execute arbitrary commands or cause service failures.
The vulnerability in the WlanNetworkRpm component (/userRpm/WlanNetworkRpm.htm) of TP-Link routers such as TL-WR940N, TL-WR740N, and TL-WR841N is related to the failure to eliminate special elements used in the operating system’s processing of the ssid1 parameter. Exploiting this vulnerability allo...
A vulnerability in the iperf3 component of the D-Link DIR-842V2 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the iperf3 component of the D-Link DIR-842V2 router firmware is related to a lack of data sanitization at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
RPyC 4.1.0 through 4.1.1 Remote Command Execution
This module allows remote command execution on RPyC versions 4.1.0 and 4.1.1. You will be able to execute a specified command on the target machine as the user running the RPyC service and view the output. Module Options msf use auxiliary/scanner/http/rpycrce msf auxiliaryrpycrce show actions...
CVE-2022-32752 IBM Security Directory Suite VA command execution
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439...
PT-2023-13190 · Ibm · Ibm Security Directory Suite Va
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Suite VA versions 8.0.1 through 8.0.1.19 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM Securit...
Symmetricom SyncServer Unauthenticated Remote Command Execution
This module exploits an unauthenticated command injection vulnerability in /controller/ping.php. The S100 through S350 End of Life models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability. Later models require authentication which is not provided in this...
Changjitong T+ Remote Command Execution Vulnerability
T+ is a new Internet-based business management software. A remote command execution vulnerability exists in T+, which can be exploited by an attacker to execute arbitrary commands on the target server...
PT-2023-3645 · D Link · D-Link Dsl-G256Dg +1
Name of the Vulnerable Software and Affected Versions: D-Link DSL-224 version 3.0.10 D-Link DSL-G256DG affected versions not specified Description: The issue is related to a command execution vulnerability that can be exploited after authentication. It is associated with deficiencies in the...