Command injection
D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface...
CVE-2023-33735
D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface...
CVE-2023-33735
CVE-2023-33735 affects D-Link DIR-846 v1.00A52. The vulnerability is a remote command execution via the tomography_ping_address parameter on the /HNAP1 interface, attributed to the HNAP1 handling in the device firmware. Impact is described as total (high confidentiality, integrity, and availabili...
A vulnerability in the /bin/boa component of the firmware for D-Link DIR-619L and DIR-605L routers allows an attacker to execute arbitrary commands.
The vulnerability in the /bin/boa firmware component of D-Link DIR-619L and DIR-605L routers stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
A vulnerability in the ping.cgi script of the NETGEAR DGN2200 router firmware allows an attacker to execute arbitrary commands and gain full control over the device.
The vulnerability in the ping.cgi script of the NETGEAR DGN2200 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands on th...
CVE-2023-27988
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.13C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely...
CVE-2022-24630
AudioCodes Device Manager Express (versions up to 7.8.20002.47752) contains a vulnerability in BrowseFiles.php where a POST request with cmd=ssh and an ssh_command field is executed, enabling remote code execution. This affects the vulnerable command handling path and can lead to RCE. Public expl...
XXL-Job Security Vulnerability
XXL-JOB is a distributed task scheduling platform based on the Java language from the Xu Xueli XXL-JOB community. A security vulnerability exists in XXL-Job version v2.4.1 that originates from allowing a user to execute arbitrary commands on another user's account by using a crafted POST request ...
Exploit for Code Injection in Vmware Spring_Cloud_Function
Exploit for RCE in Spring Cloud CVE 2022-22963 Exploit for...
PT-2023-3100 · D Link · D-Link Dir-842
Name of the Vulnerable Software and Affected Versions: D-Link DIR-842V2 version 1.0.3 Description: The issue allows attackers to execute arbitrary commands via importing a crafted file. This is related to the lack of data cleaning measures at the management level, which can be exploited by a remo...
VulnCheck KEV: CVE-2023-28771
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device...
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...
CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...
Design/Logic Flaw
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by...
CVE-2023-33246
CVE-2023-33246 affects Apache RocketMQ 5.1.0 and earlier. The vulnerability arises from leakage of NameServer, Broker, and Controller on the extranet with insufficient permission verification, allowing an attacker to trigger remote code execution by using the update configuration function or by f...
Barracuda Email Security Gateway Command Injection Vulnerability
Barracuda Email Security Gateway is an email security gateway from Barracuda that manages and filters all inbound and outbound email traffic to protect organizations from email threats and data breaches. A security vulnerability exists in Barracuda Email Security Gateway versions 5.1.3.001 throug...
Roxy WI 6.1.0.0 Remote Command Execution
Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...