15300 matches found
CVE-2022-47504 SolarWinds Platform Deserialization of Untrusted Data Vulnerability
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...
CVE-2023-23836 SolarWinds Platform Deserialization of Untrusted Data Vulnerability
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands...
CVE-2022-47507 SolarWinds Platform Deserialization of Untrusted Data Vulnerability
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...
CVE-2022-47503 SolarWinds Platform Deserialization of Untrusted Data Vulnerability
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands...
The vulnerability of the httpd microprogramming software used in TOTOLINK A7100RU routers allows attackers to execute arbitrary commands.
The vulnerability of the httpd microprogramming system used in TOTOLINK A7100RU routers lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.
The vulnerability of the centralized control system for network devices and ports of Advantech iView relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the exec() function implementation in D-Link DIR-846 router software allows a hacker to execute arbitrary commands.
The vulnerability of the exec function implementation in D-Link DIR-846 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the lan0dhcpsstaticlist parameter. Exploiting this vulnerabilit...
CVE-2022-45104
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system...
CVE-2022-34447
PowerPath Management Appliance with versions 3.3 & 3.2, 3.1 & 3.0 contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user...
PT-2023-14731
Name of the Vulnerable Software and Affected Versions APSystems ECU-R version 5203 Description The issue allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter in the administration interface. Recommendations For APSystems ECU-R version 5203,...
The vulnerability of the web server of the microprogrammed wireless access points from Delta Electronics, the DVW-W02W2-E2, allows a intruder to execute arbitrary commands and gain full control over the system.
The vulnerability of the web server of the microprogrammed wireless access points from Delta Electronics DVW-W02W2-E2 lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands and gain full control over the...
TerraMaster OS Remote Command Execution Vulnerability
TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...
PT-2023-1709 · Sap · Sap Businessobjects
Name of the Vulnerable Software and Affected Versions: SAP Business Object Adaptive Job Server versions 420, 430 Description: The issue allows remote execution of arbitrary commands on Unix systems when program objects execution is enabled. This can be done by authenticated users with scheduling...
VulnCheck KEV: CVE-2010-2261
Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 data2 and 2 data3 parameters to a Debugcommandpage.asp and b debug.cgi...
CVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. Recent assessments: cbeek-r7 at July 26, 2024 7:31pm UTC reported: A July 2024 bullet...
NVS365 安全漏洞
NVS365 is a network video server from NVS365. A security vulnerability exists in NVS365 version V01, which stems from a command execution that can be triggered by the background network test function...
Dell EMC NetWorker 代码注入漏洞
Dell EMC NetWorker is a suite of unified backup and recovery software from Dell USA. The software provides backup and recovery, deduplication elimination, backup reporting, and other features. A code injection vulnerability exists in Dell EMC NetWorker. An unauthenticated, remote attacker can sen...
The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming software VPN routers lies in insufficient cleaning of special elements in the output data used by the incoming component. This allows a malicious actor to execute arbitrary commands.
The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming systems lies in insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote...
The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, related to deficiencies in access control, allows attackers to execute arbitrary commands.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the lack of access control mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2022-46552
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution RCE vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...