15304 matches found
CVE-2022-45796 SHARP Multifunction Printer - Command Injection
Command injection vulnerability in nwinterface.html in SHARP multifunction printers (MFPs): Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System Monochrome 200 or...
CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
CVE-2022-25627
Symantec Identity Manager 14.4 is affected: an authenticated administrator with physical access can perform Remote Command Execution on the Management Console. The publicly documented details describe local access as the attack vector with high impact on confidentiality, integrity, and availabili...
Syncovery For Linux Web-GUI Authenticated Remote Command Execution Exploit
This Metasploit module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync and Backup Software for Linux. Successful exploitation results in remote code execution under the context of the root user. Syncovery allows an authenticated user to create jobs,...
PT-2022-27018 · Unknown · Sicam Pas/Pqs
Name of the Vulnerable Software and Affected Versions: SICAM PAS/PQS versions prior to V7.0 Description: A security issue has been identified where the affected software transmits database credentials for the inbuilt SQL server in cleartext. This, combined with the default enabled xp_cmdshell...
PT-2022-6344 · Delta Electronics · Dx-2100-L1-Cn
Name of the Vulnerable Software and Affected Versions: Delta Electronics DX-2100-L1-CN version 2.42 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the lform/net diagnose component of the Delta Electronics DX-2100-L1-CN...
CVE-2022-43542
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...
CVE-2022-43541
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...
CVE-2022-37920
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...
CVE-2022-37924
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...
Unauthenticated Remote Command Execution on corebos due to exposed install files.
Description While analysing corebos source-code, I found a file that looked interesting: - install/MigrationDbBackup.php This file contains the following snippet of code: php ?php /+ The contents of this file are subject to the vtiger CRM Public License Version 1.0 "License"; You may not use this...
Aruba Networks EdgeConnect Security Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect that stems from a command line interface that allows an authenticated remote user to run arbitrary commands on the underlying host...
The vulnerability of the FortiWAN traffic balancing system’s web interface allows an attacker to execute arbitrary commands.
The vulnerability of the FortiWAN traffic balancing system’s web interface is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending speciall...
CVE-2022-45145
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file...
The vulnerability in the web interface of the Aruba EdgeConnect Enterprise Orchestrator platform allows an attacker to execute arbitrary commands.
The vulnerability of the web interface for managing the Aruba EdgeConnect Enterprise Orchestrator platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
CVE-2022-44606
OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
PT-2022-27262 · Unknown · Udr-Ja1608 +2
Name of the Vulnerable Software and Affected Versions: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier Description: The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. Recommendations: Fo...
PT-2022-26928 · Unknown · Udr-Ja1608 +2
Name of the Vulnerable Software and Affected Versions: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier Description: The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. This is due to a...