The vulnerability of the do_log_on_user() function in the Rocket Software UniData and UniVerse UniRPC database platforms, related to the bypassing of authentication checks, allows attackers to circumvent security restrictions and execute arbitrary commands.
The vulnerability of the do_log_on_user() function in the Rocket Software UniData and UniVerse UniRPC database platforms is related to the bypassing of authentication checks. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions and execute arbitrary commands...
Metasploit Weekly Wrap-Up
Rocket Software UniRPC Exploits: Ron Bowes submitted two exploit modules for vulnerabilities he discovered in the UniRPC server for Rocket Software’s UniData product. The first exploit module, exploit/linux/misc/unidata_udadmin_auth_bypass, exploits an authentication bypass to ultimately gain remote...
PT-2023-3156 · Totolink · Totolink X18
Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version V9.1.0cu.2024 B20220329. Description: The issue is related to insufficient argument validation in the UploadFirmwareFile function of the TOTOLINK X18 router's firmware, allowing a remote attacker to execute arbitrary...
CVE-2023-20118
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user...
The vulnerability of the web server in the firmware of the Siemens SICAM CP-8031 and CP-8050 processor module controllers allows a hacker to execute arbitrary commands.
The vulnerability of the web server in the firmware of the Siemens SICAM CP-8031 and CP-8050 processor module controllers is related to insufficient checking of the arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerability of the soapcgi.main() function in the D-LINK GO-RT-AC750 router software allows a hacker to execute arbitrary commands.
The vulnerability of the soapcgimain function in the D-LINK GO-RT-AC750 router’s firmware is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Fortinet FortiWeb Operating System Command Injection Vulnerability
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure Web applications and protect sensitive database content. A security vulnerability exists in Fortinet...
The vulnerability of the Wizard service, a security and management tool for web devices, allows a hacker to execute arbitrary commands.
The vulnerability of the Wizard service of Sophos Web Appliance (SWA), a security and management tool for web devices, is related to the failure to take measures to neutralize special elements during exception handling. Exploiting this vulnerability allows an attacker operating remotely to execute...
PT-2023-9673 · Fortinet · Forticlient
Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientWindows versions prior to 7.0.7. Description: The issue is related to an incorrect permission assignment for a critical resource and a time-of-check time-of-use (TOCTOU) race condition vulnerability. This could allow a remote...
An outdated dependency leads to a remote command execution vulnerability
Description: A few days ago, the vm2 module of nodejs found a sandbox escape vulnerability, which was officially fixed in v3.9.15. However, a fixed vm2 version is hard-coded in the package.json (v3.9.11) of the jsreport-core component of jsreport, which makes it impossible to install the latest vm2...
CVE-2023-26986
An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox...
The vulnerability of the command-line interface of Siemens SCALANCE industrial switches allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface of Siemens SCALANCE industrial switches exists due to the lack of measures taken to protect the command-line interface. Exploitation of this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the mySCADA myPRO industrial process visualization and control system lies in the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.
The vulnerability of the mySCADA myPRO industrial process visualization and control system exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remote...
CVE-2023-28706 Apache Airflow Hive Provider Beeline Remote Command Execution
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0...
Binwalk 2.3.2 Remote Command Execution
Exploit Title: Binwalk v2.3.2 - Remote Command Execution (RCE); Exploit Author: Etienne Lacoche; CVE-ID: CVE-2022-4510; import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...
WIMAX SWC-5100W Remote Command Execution
Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE; Vulnerability Name: Ballin' Mada; Date: 4/3/2023; Exploit Author: Momen Eldawakhly Cyber Guy; Vendor Homepage: http://www.seowonintech.co.kr/eng/main ; Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4; Tested...
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution (cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD)
According to its self-reported version, the Cisco Small Business Router is affected by a vulnerability. A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary...
CVE-2023-20128
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...