CVE-2024-5196

CVE-2024-5196 targets Arris VAP2500 v08.50. A vulnerability in /tools_command.php (parameter cmb_header/txt_command) allows remote command injection. Exploitation is possible remotely; public disclosure noted. No remediation details provided in the supplied documents.

CVE-2024-5194

A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoctable.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been...

CVE-2024-4965

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php. The manipulation of the argument load leads to os command injection. The attack may be initiated...

VulnCheck KEV: CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network...

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs versions prior to 9.5 that stems from incorrect neutralization of special elements used in operating system commands, allowi...

Yealink Device Management Platform Pre-authentication Remote Command Injection (CVE-2021-27561)

Binary data yealinkdevicemanagementplatformCVE-2021-27561.nbin...

PT-2024-32996 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC versions prior to 20240507 Description: A critical vulnerability exists in Ruijie RG-UAC. The manipulation of the name argument in an unknown function of the file /view/networkConfig/physicalInterface/interface commit.php leads ...

CVE-2024-4505

CVE-2024-4505 concerns Ruijie RG-UAC (up to 20240428). The issue is an OS command injection in the PHP file /view/IPV6/ipv6Addr/ip_addr_add_commit.php, triggered by manipulating the arguments prelen/ethname. It is exploitable remotely and has been publicly disclosed. Multiple sources (NVD, Red Ha...

PT-2024-31426 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found in Ruijie RG-UAC, affecting an unknown functionality of the file /view/IPV6/naborTable/add commit.php. The manipulation of the ip addr/mac addr argument leads to os...

PT-2024-31421 · Ruijie · Ruijie Rg-Uac

Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC up to 20240428 Description: A critical issue has been found, allowing for OS command injection through the manipulation of the oldipmask, oldgateway, and olddevname arguments in an unknown function of the file...

VulnCheck KEV: CVE-2023-3608

A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2023-50217

D-Link G416 awsfile rm Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVE-2023-41200

D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit...

CVE-2023-41201

D-Link DAP-1325 HNAP SetSetupWizardStatus Enabled Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

CVE-2023-34278

D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this...

D-Link DIR-X3260 安全漏洞

D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a command injection remote code execution vulnerability...

D-Link DAP-1325 安全漏洞

D-Link DAP-1325 is a wireless access point/bridge made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network to wireless network or connect different wireless networks. The D-Link DAP-1325 suffers from a Command Injection Remote Code...

D-Link DAP-1325 安全漏洞

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

CVE-2024-3191

A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the...

CVE-2024-3193

A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclos...