15286 matches found
The vulnerability of the NTPSyncWithHost function in D-Link DIR-816 A2 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the NTPSyncWithHost function in D-Link DIR-816 A2 router firmware exists due to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerability of the SolarWinds Orion Platform’s network monitoring software, related to improper code generation management, allows an intruder to execute arbitrary commands.
The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the beh component (Backend Error Handler) of the cups-filters printing package allows a hacker to execute arbitrary commands on the printing server.
The vulnerability of the beh component (Backend Error Handler) of the cups-filters printing package exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the...
PT-2023-5402 · Apache · Apache Rocketmq
Name of the Vulnerable Software and Affected Versions: Apache RocketMQ versions 5.1.0 and below; Apache RocketMQ versions prior to 4.9.6. Description: The vulnerability is related to a permission verification issue in Apache RocketMQ, allowing attackers to perform remote command execution under...
PT-2023-2983 · D Link · D-Link Dir-846
Name of the Vulnerable Software and Affected Versions: D-Link DIR-846 version 1.00A52. Description: The issue is related to the implementation of the HNAP1 protocol in the D-Link DIR-846 router's firmware, specifically concerning the handling of the tomography ping address parameter. This can be...
The vulnerability of the application programming interface of the Cisco DNA Center allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the application programming interface of the Cisco DNA Center relates to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges using a specially created API...
VulnCheck KEV: CVE-2023-2868
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...
The vulnerability of the administrator consoles of the firmware for D-Link DCH-M225 wireless signal amplifiers allows an intruder to execute arbitrary commands.
The vulnerability of the administrator consoles of the firmware for D-Link DCH-M225 wireless signal amplifiers is related to the failure to neutralize special elements used in operating system commands when handling the “media renderer” parameter in the...
The vulnerability of the SetQoSSettings.php script in D-Link DIR-822 router software allows a hacker to execute arbitrary commands.
The vulnerability of the SetQoSSettings.php script in D-Link DIR-822 router firmware is related to insufficient checking of regular expressions during the processing of the uplink parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the spotifyConnect.php script of D-Link’s wireless signal amplifiers allows a hacker to execute arbitrary commands.
The vulnerability in the spotifyConnect.php script in the firmware of D-Link DCH-M225 wireless signal amplifiers is related to the failure to neutralize special elements used in operating system commands when processing the userName parameter. Exploiting this vulnerability allows a remote attacker to execute...
CVE-2023-30501
Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as root on the...
PT-2023-8296 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise (affected versions not specified). Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary commands...
PT-2023-8735 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise (affected versions not specified). Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows remote authenticated users to run arbitrary...
Lack of security consideration leads to multiple critical weaknesses
Introduction This report serves more as a suggestion to improve security, rather than fixing any single "vulnerability". I've given examples to demonstrate the impact that neglecting security may have, but these are not the root cause of the issue. Due to the nature of a package, being able to...
PT-2023-2994 · Vmware · Vmware Aria Operations
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations (affected versions not specified). Description: The issue is related to a deserialization vulnerability in VMware Aria Operations. A malicious actor with administrative privileges can exploit this vulnerability to execute...
The vulnerability in the web administration interface of the FileZen file-sharing server allows a hacker to execute arbitrary commands.
The vulnerability in the FileZen file-sharing server’s administrative web interface relates to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-22790 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
CVE-2023-22789 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
CVE-2023-22788 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...