3860 matches found

OSV
added 2024/01/08 3:15 a.m. · 3 views

CVE-2024-0293

A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotel...

9.8 CVSS · 5.5 AI score · 0.04831 EPSS
Exploits 1 · References 3

OSV
added 2024/01/08 2:15 a.m. · 5 views

CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The explo...

9.8 CVSS · 5.5 AI score · 0.04909 EPSS
Exploits 1 · References 3

Positive Technologies
added 2024/01/07 12:0 a.m. · 4 views

PT-2024-1056 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: The issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi, where the manipulation of the FileName argument leads to command injection. This can be exploited...

9 CVSS · 7 AI score · 0.04407 EPSS
Exploits 1 · References 9

GithubExploit
added 2024/01/02 2:31 a.m. · 42 views

Exploit for Command Injection in Flir Flir_Ax8_Firmware

CVE-2023-51126 FLIR AX8 up to 1.46.16 is vulnerable to command...

9.8 CVSS · 9.8 AI score · 0.31097 EPSS
Exploits 1

Positive Technologies
added 2023/12/26 12:0 a.m. · 4 views

PT-2023-8323 · Tenda · Tenda W9

Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 CN Description: The issue exists due to the lack of neutralization of special elements in the formSetDiagnoseInfo function of the Tenda W9 wireless access point's firmware. This can allow a remote attacker to...

10 CVSS · 9.8 AI score · 0.01842 EPSS
Exploits 1 · References 7

Prion
added 2023/12/16 7:15 a.m. · 16 views

Command injection

A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack...

7.5 CVSS · 7.8 AI score · 0.02347 EPSS
Exploits 0 · References 5 · Affected Software 1

CVE
added 2023/12/16 6:31 a.m. · 47 views

CVE-2023-6848

The CVE-2023-6848 issue affects kalcaddle kodbox up to 1.48. The vulnerable component is plugins/officeViewer/controller/libreOffice/index.class.php (check function). Manipulating the soffice argument leads to remote command injection. Exploitation has been disclosed publicly. A fix is available ...

9.8 CVSS · 9.1 AI score · 0.02347 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2023/12/16 12:0 a.m. · 2 views

PT-2023-32789 · Kodbox · Kodbox

Name of the Vulnerable Software and Affected Versions: kalcaddle kodbox versions up to 1.48 Description: A critical issue has been found, affecting the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the soffice argument leads to command...

9.8 CVSS · 7.8 AI score · 0.02347 EPSS
Exploits 0 · References 10

OSV
added 2023/12/15 9:15 a.m. · 3 views

CVE-2023-48380

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...

8 CVSS · 6.1 AI score · 0.00675 EPSS
Exploits 0 · References 1

CNNVD
added 2023/12/13 12:0 a.m. · 2 views

Fortinet FortiPortal Security Vulnerability

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. A command injection vulnerability exists in Fortinet FortiPortal, which can be exploited b...

8.8 CVSS · 7.9 AI score · 0.01265 EPSS
Exploits 0 · References 3

OSV
added 2023/12/04 9:15 a.m. · 1 views

CVE-2023-44291

Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application...

7.2 CVSS · 6 AI score · 0.01589 EPSS
Exploits 0 · References 1

CNNVD
added 2023/11/21 12:0 a.m. · 2 views

Security Vulnerability in WAGO Industrial Managed Switch

WAGO Industrial Managed Switch is a series of industrial Ethernet switches from WAGO, Germany. A security vulnerability exists in the WAGO Industrial Managed Switch that originates from allowing an unauthenticated, remote attacker to inject arbitrary system commands and gain full system control...

9.8 CVSS · 7.2 AI score · 0.01116 EPSS
Exploits 0 · References 2

OSV
added 2023/11/20 5:15 p.m. · 2 views

CVE-2023-35762

Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system OS command injection, which could allow remote code execution...

9.8 CVSS · 6 AI score · 0.01698 EPSS
Exploits 0 · References 1

OSV
added 2023/11/16 5:15 p.m. · 3 views

CVE-2023-6019

A command injection existed in Ray's cpuprofile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1

OSV
added 2023/10/25 6:17 p.m. · 1 views

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web...

7.2 CVSS · 5.8 AI score · 0.89634 EPSS
Exploits 11 · References 2

CNNVD
added 2023/10/25 12:0 a.m. · 6 views

TOTOLINK X6000R Command Injection Vulnerability

The TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R v9.4.0cu.652B20230116 version that stems from a remote command execution vulnerability in the method in the sub412688 location...

9.8 CVSS · 7.2 AI score · 0.01852 EPSS
Exploits 1 · References 3

CNNVD
added 2023/10/25 12:0 a.m. · 4 views

TOTOLINK X6000R Command Injection Vulnerability

The TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R v9.4.0cu.652B20230116 version that stems from a remote command execution vulnerability in the method in the sub41A414 location...

9.8 CVSS · 7.2 AI score · 0.01852 EPSS
Exploits 1 · References 3

Vulnrichment
added 2023/10/24 6:14 p.m. · 13 views

CVE-2023-43510 Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system...

4.7 CVSS · 7.1 AI score · 0.00579 EPSS
Exploits 0 · References 1

Cvelist
added 2023/10/24 6:14 p.m. · 22 views

CVE-2023-43510 Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system...

4.7 CVSS · 6.5 AI score · 0.00579 EPSS
Exploits 0 · References 1

OSV
added 2023/10/21 7:15 a.m. · 3 views

CVE-2023-5684

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The...

9.8 CVSS · 5.5 AI score · 0.78438 EPSS
Exploits 1 · References 4