15286 matches found
CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...
Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution
Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...
PT-2023-17677 · Microsoft +1 · Msmq +1
Name of the Vulnerable Software and Affected Versions: aEnrich Technology a+HRD affected versions not specified Description: The issue is related to Deserialization of Untrusted Data within the MSMQ interpreter. An unauthenticated remote attacker can exploit this to execute arbitrary system...
Zyxel DX5401-B0 安全漏洞
The Zyxel DX5401-B0 is a wireless enhancement device from China's Hopkins Zyxel. A security vulnerability exists in the Zyxel DX5401-B0 V5.17ABYO.1C0 firmware version, which originates from a buffer overflow in the zhttpd library libclinkc.so. An attacker can exploit this vulnerability to execute...
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...
CVE-2023-27991
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...
CVE-2023-1731
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands...
CVE-2023-22914
A path traversal vulnerability in the “accountprint.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS command...
Meinberg Funkuhren LTOS 代码问题漏洞
Meinberg Funkuhren LTOS is a tape data storage technology from Meinberg Funkuhren, Germany. A code issue vulnerability exists in Meinberg Funkuhren LTOS versions prior to V7.06.013, which stems from the file upload function of the LTOS web interface failing to properly validate input. A remote...
PT-2023-2841
Name of the Vulnerable Software and Affected Versions Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73 Zyxel VPN series firmware versions 4.60 through 5.35 Zyxel USG FLEX series firmware versions 4.60 through 5.35 Zyxel ATP series firmware versions 4.60 through 5.35 Description The iss...
PowerPanel Business 安全漏洞
Cyber Power Systems CyberPower PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distributi...
PT-2023-19933 · Apple +2 · Apple Macos +3
Name of the Vulnerable Software and Affected Versions: PowerPanel Business Local/Remote for Windows versions 4.8.6 and earlier PowerPanel Business Management for Windows versions 4.8.6 and earlier PowerPanel Business Local/Remote for Linux 32bit versions 4.8.6 and earlier PowerPanel Business...
PT-2023-19932 · Cyberpower · Powerpanel Business Management +1
Name of the Vulnerable Software and Affected Versions: PowerPanel Business Local/Remote for Windows versions 4.8.6 and earlier PowerPanel Business Management for Windows versions 4.8.6 and earlier PowerPanel Business Local/Remote for Linux 32bit versions 4.8.6 and earlier PowerPanel Business...
PT-2023-17197 · Meinberg · Meinbergs Ltos
Name of the Vulnerable Software and Affected Versions: Meinbergs LTOS versions prior to V7.06.013 Description: The configuration file upload function in Meinbergs LTOS does not correctly validate input, allowing a remote authenticated attacker with high privileges to execute arbitrary commands...
FUXA 1.1.13-1186 Remote Code Execution
Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...
The vulnerability in the web interface of the Cisco Industrial Network Director software package allows a hacker to execute arbitrary commands.
The vulnerability of the Cisco Industrial Network Director software’s web interface exists due to the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Linux kernel’s Bluetooth permission checking subsystem allows a perpetrator to execute arbitrary commands.
The vulnerability of the Linux operating system’s Bluetooth permission checking subsystem is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted requests remotely...
VulnCheck KEV: CVE-2020-8949
Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...
SPIP Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...