15286 matches found
PT-2023-3645 · D Link · D-Link Dsl-G256Dg +1
Name of the Vulnerable Software and Affected Versions: D-Link DSL-224 version 3.0.10 D-Link DSL-G256DG affected versions not specified Description: The issue is related to a command execution vulnerability that can be exploited after authentication. It is associated with deficiencies in the...
PT-2023-3392 · Tp Link · Tp-Link Tl-Wpa8630P
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WPA8630P US V2 Version 171011 Description: The issue is related to a command injection vulnerability via the devicePwd parameter in the sub 40A80C function. This vulnerability may allow a remote attacker to execute arbitrary...
PT-2023-23869 · Kingsoft · Wps Office
Name of the Vulnerable Software and Affected Versions: WPS Office version 10.8.0.6186 Description: A remote attacker who can conduct a man-in-the-middle attack may execute an arbitrary OS command on the system where the product is installed by connecting the product to a malicious server and...
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.5 Hardware revision: 1.1 SoapLive 2.4.0 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and...
PT-2023-4830
Name of the Vulnerable Software and Affected Versions FUXA version 1.1.13 Description A remote command execution vulnerability in the "/api/runscript" endpoint allows attackers to execute arbitrary commands via a crafted POST request. This issue is related to the lack of input data sanitization,...
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
Oracle Weblogic 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This occurs when an attacker serializes a "ForeignOpaqueReference" class object,...
The vulnerability of the Honeywell OneWireless Wireless Device Manager (WDM) lies in the lack of measures taken to clean data at the control level, allowing attackers to execute arbitrary commands.
The vulnerability of the Honeywell OneWireless Wireless Device Manager WDM lies in the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Microsoft Windows PowerShell Remote Command Execution
from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec hyp3rlinx.altervista.org twitter.com/hyp3rlinx twitter.com/malvuln PoC Video: https://www.youtube.com/watch?v=-ZJnA70Cf4I...
Microsoft Windows PowerShell Remote Command Execution Exploit
This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...
Hitron Technologies CODA-5310 Remote Command Execution Vulnerability
Hitron Technologies CODA-5310 is a wireless router. The Hitron Technologies CODA-5310 suffers from a remote command execution vulnerability that can be exploited by an attacker to perform a command injection attack using the administration page to execute arbitrary system commands, manipulate the...
The vulnerability of the index.cgi component of D-Link DIR-620 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the index.cgi component in D-Link DIR-620 router microprogramming software is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using...
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software allows a attacker to execute arbitrary commands.
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command processing for handling the tomographypingaddress parameter. Exploiting this...
Exploit for Path Traversal in Apache Http_Server
Apache-CVEs Exploit created in python3 to exploit known vulner...
CVE-2023-28703
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...
CVE-2023-28703 ASUS RT-AC86U - Buffer Overflow
ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...
Hitron Technologies CODA 操作系统命令注入漏洞
Hitron Technologies CODA-5310 is a wireless router. The Hitron Technologies CODA-5310 suffers from a remote command execution vulnerability that can be exploited by an attacker to perform a command injection attack using the administration page to execute arbitrary system commands, manipulate the...
ELITE Web Fax Server SQL注入漏洞
ELITE Web Fax Server is a web fax server from ELITE. ELITE Web Fax Server suffers from an SQL injection vulnerability that originates from the presence of a SQL injection vulnerability, which can be exploited by an unauthenticated, remote attacker to execute arbitrary system commands, interrupt...
CVE-2022-47616 Hitron Technologies Inc. CODA-5310 - Remote Command Execution
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...
CVE-2023-33735
D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution RCE vulnerability via the tomographypingaddress parameter in the /HNAP1 interface...
CVE-2023-33735
D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution RCE vulnerability via the tomographypingaddress parameter in the /HNAP1 interface...