Siretta QUARTZ-GOLD Buffer Error Vulnerability
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta. The Siretta QUARTZ-GOLD is affected by a buffer overflow vulnerability that could be exploited by an attacker to cause arbitrary command execution by sending a specially crafted network packet...
PT-2023-13745 · Unknown · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0 Description: An issue in Rawchen blog-ssm allows a remote attacker to escalate privileges and execute arbitrary commands via the component "/upFile". Recommendations: For Rawchen blog-ssm version 1.0, consider...
The vulnerability of the utils.exec build method of the Nginx Proxy Manager web proxy server allows a hacker to execute arbitrary commands on the server.
The vulnerability of the utils.exec build method of the Nginx Proxy Manager proxy server exists because measures to eliminate special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the server...
Vulnerability of the web interface of the Cisco IOS XE operating system, allowing a hacker to execute arbitrary commands
The vulnerability of the Cisco IOS XE operating system’s web interface exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-20045
A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validati...
CVE-2022-20964
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the...
CVE-2022-47911
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...
CVE-2023-22279
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command...
CVE-2023-22280
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command...
PT-2023-18392 · Maho Pbx · Maho-Pbx Netdevancer Vsg Lite/Uni +2
Name of the Vulnerable Software and Affected Versions: MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud versions prior to 1.11.00 MAHO-PBX NetDevancer VSG Lite/Uni versions prior to 1.11.00 MAHO-PBX NetDevancer MobileGate Home/Office versions prior to 1.11.00 Description: The issue allows a remote...
PT-2023-18394 · Maho Pbx · Maho-Pbx Netdevancer Vsg Lite/Uni +2
Name of the Vulnerable Software and Affected Versions: MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud versions prior to 1.11.00 MAHO-PBX NetDevancer VSG Lite/Uni versions prior to 1.11.00 MAHO-PBX NetDevancer MobileGate Home/Office versions prior to 1.11.00 Description: The issue allows a remote...
The vulnerability of the implementation of the remote_agent.php script in the network monitoring software Cacti allows a perpetrator to execute arbitrary commands.
The vulnerability of the remote_agent.php script implementation of the Cacti network monitoring software is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
PT-2023-15526 · Sewio · Sewio's Real-Time Location System (RTLS) Studio
Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper validation of the input module name to the backup services of the software. This could allow a remote attacker to access...
The vulnerability of the command-line interface of the FortiExtender signal booster software arises from insufficient validation of arguments passed in commands, allowing attackers to execute arbitrary commands.
The vulnerability of the command-line interface of the FortiExtender signal booster software relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Zendo Project Management System Remote Command Execution Vulnerability
Zendo Project Management System is a homegrown open source project management software. A remote command execution vulnerability exists in Zendo Project Management System. The vulnerability is caused by not exiting the program properly during the authentication process, resulting in an...
The vulnerability of FortiWLC wireless access controller software, related to deficiencies in access control, allows attackers to execute arbitrary commands and increase their privileges.
The vulnerability of the firmware of FortiWLC wireless access controllers is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and elevate their privileges to the root level, bypassing the...
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validati...
CVE-2022-48253
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used...