3866 matches found

CNNVD
added 2024/08/02 12:0 a.m. · 4 views

Horizon Business Services Caterease Security Vulnerability

Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from improper neutralization of...

CVSS 9.8 · AI score 7 · EPSS 0.00959
Exploits 0 · References 4

NVD
added 2024/07/29 4:15 a.m. · 21 views

CVE-2024-7181

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...

CVSS 8.8 · EPSS 0.03086
Exploits 1 · References 4

OSV
added 2024/07/29 4:15 a.m. · 4 views

CVE-2024-7181

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...

CVSS 8.8 · AI score 6.3 · EPSS 0.03086
Exploits 1 · References 4

OSV
added 2024/07/29 1:15 a.m. · 4 views

CVE-2024-7175

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated...

CVSS 8.8 · AI score 5.6 · EPSS 0.03086
Exploits 1 · References 4

Positive Technologies
added 2024/07/29 12:0 a.m. · 5 views

PT-2024-38137 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found that affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection...

CVSS 8.8 · AI score 7 · EPSS 0.03086
Exploits 1 · References 8

OSV
added 2024/07/28 2:15 p.m. · 2 views

CVE-2024-7158

A vulnerability was found in TOTOLINK A3100R 4.1.2cu.5050B20200504. It has been declared as critical. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument telnetenabled leads to command...

CVSS 8.8 · AI score 5.7 · EPSS 0.03086
Exploits 1 · References 4

CVE
added 2024/07/28 1:31 p.m. · 55 views

CVE-2024-7158

CVE-2024-7158 affects TOTOLINK A3100R (v4.1.2cu.5050_B20200504). The vulnerability is in the HTTP POST Request Handler’s setTelnetCfg function (/cgi-bin/cstecgi.cgi): manipulation of the telnet_enabled argument enables command injection. Impact is remote exploitation with potential high severity ...

CVSS 8.8 · AI score 7 · EPSS 0.03086
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/07/28 12:0 a.m. · 6 views

PT-2024-38120 · Totolink · Totolink A3100R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3100R version 4.1.2cu.5050 B20200504 Description: A critical issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi in the HTTP POST Request Handler component. The manipulation of the telnet enabled argument leads ...

CVSS 8.8 · AI score 7 · EPSS 0.03086
Exploits 1 · References 8

OSV
added 2024/07/26 5:15 a.m. · 3 views

CVE-2024-7120

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file listbaseconfig.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible...

CVSS 9.8 · AI score 5.5
Exploits 0 · References 4

Positive Technologies
added 2024/07/09 12:0 a.m. · 6 views

PT-2024-22557 · Ifm · Smart Plc Ac14Xx Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with high privileges may use a writing file function to inject OS commands. There is no information provided about the estimated numbe...

CVSS 7.2 · AI score 7.1 · EPSS 0.00766
Exploits 0 · References 6

OSV
added 2024/06/27 9:52 a.m. · 4 views

USN-6856-1 fontforge vulnerabilities

It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a command injection. CVE-2024-25081 It was discovered that FontForge incorrectly...

CVSS 6.5 · AI score 7.3 · EPSS 0.0187
Exploits 2 · References 3

NVD
added 2024/06/23 12:15 p.m. · 15 views

CVE-2024-6269

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function getip.addrdetails of the file /view/vpn/autovpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. T...

CVSS 7.2 · EPSS 0.20644
Exploits 1 · References 4

OSV
added 2024/06/20 1:15 p.m. · 2 views

CVE-2024-6187

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/subcommit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 5.7 · EPSS 0.07638
Exploits 1 · References 4

OSV
added 2024/06/20 1:15 p.m. · 4 views

CVE-2024-6186

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument adlogname leads to os command injection. It is possible to initiate the attack remotely. The exploi...

CVSS 9.8 · AI score 5.5 · EPSS 0.08722
Exploits 1 · References 4

OSV
added 2024/06/20 12:15 p.m. · 2 views

CVE-2024-6185

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function getipaddrdetails of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely...

CVSS 8.8 · AI score 6.2
Exploits 0 · References 4

Positive Technologies
added 2024/06/20 12:0 a.m. · 3 views

PT-2024-27683 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000 Description: A command injection issue allows a remote attacker to execute arbitrary code via the iface parameter in the vif enable function. This enables the attacker to inject and execute command...

CVSS 8.8 · AI score 8.8 · EPSS 0.01782
Exploits 1 · References 6

Positive Technologies
added 2024/06/20 12:0 a.m. · 2 views

PT-2024-37441 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0 Description: A critical vulnerability has been found in the file /view/vpn/autovpn/sub commit.php, where the manipulation of the key argument leads to os command injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 7.5 · EPSS 0.07638
Exploits 1 · References 9

Positive Technologies
added 2024/06/17 12:0 a.m. · 3 views

PT-2024-5054

Name of the Vulnerable Software and Affected Versions: GeoVision devices (affected versions not specified) Description: The issue exists due to the failure to properly filter user input for specific functionality, allowing unauthenticated remote attackers to inject and execute arbitrary system comman...

CVSS 9.8 · AI score 9.6 · EPSS 0.09992
Exploits 1 · References 57

Positive Technologies
added 2024/06/11 12:0 a.m. · 3 views

PT-2024-4394 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0 Description: A critical issue has been found in the function get ip addr details of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be...

CVSS 8.8 · AI score 7.1 · EPSS 0.09094
Exploits 1 · References 9

CNNVD
added 2024/05/27 12:0 a.m. · 3 views

ASKEY 5G NR Small Cell OS Command Injection Vulnerability

The Askey 5G NR Small Cell is a 5G base station from China's Askey Electronic Technology Askey. An OS command injection vulnerability exists in ASKEY 5G NR Small Cell version V6, which stems from the inability to properly filter user input for certain functions, allowing an attacker to execute...

CVSS 7.2 · AI score 8.2 · EPSS 0.00562
Exploits 0 · References 2