3860 matches found
CVE-2023-36670
A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device...
PT-2023-25672 · Kratos · Kratos Ngc-Idu
Name of the Vulnerable Software and Affected Versions: Kratos NGC-IDU version 9.1.0.4 Description: A remotely exploitable command injection issue was discovered, allowing an attacker to execute arbitrary Linux commands as root by sending crafted TCP requests to the device. Recommendations: For...
CVE-2023-3606
A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
PT-2023-25418 · Tamronos · Tamronos
Name of the Vulnerable Software and Affected Versions: TamronOS versions up to 20230703 Description: A critical issue has been found, affecting an unknown part of the file "/api/ping". The manipulation of the host argument leads to OS command injection, allowing remote attacks. The issue has been...
Western Digital My Cloud Multiple Products 5.x < 5.26.300 Multiple Vulnerabilities (WDC-23010)
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
CVE-2023-22816
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
CVE-2023-22815
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...
CVE-2023-22815
The CVE-2023-22815 issue affects Western Digital My Cloud OS 5 devices prior to 5.26.300. It enables post-authentication remote code execution as root via vulnerable CGI files over the network, requiring existing admin/root privileges (authentication bypass needed) and risking high impact to inte...
CVE-2023-22815 Post-authentication remote command injection vulnerability on Western Digital My Cloud OS 5 devices
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...
CVE-2023-22816 Limited Post-Authentication Remote Command Injection in My Cloud Products
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
Western Digital My Cloud Command Injection Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud OS 5, which originates from a remote command injection vulnerability in a CGI file in the device...
PT-2023-24908 · Ruijie · Ruijie Rg-Bcr860
Name of the Vulnerable Software and Affected Versions: Ruijie RG-BCR860 version 2.5.13 Description: A critical issue affects the Network Diagnostic Page component, leading to OS command injection through unknown processing. This can be exploited remotely. Recommendations: For Ruijie RG-BCR860...
PT-2023-24778 · Unknown +1 · Glpi Agent +1
Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.5 Description: The issue affects the GLPI Agent, a generic management agent, when running the remoteinventory task against a Unix platform using the ssh command. An administrator user on the remote system can...
CVE-2022-38156
A remote command injection issue exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband NB before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user...
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances
Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances dating back to at least November 2022. As of June 6, 2023, as part of an ongoing product incident response, Barracuda is urging ESG customers to immediately...
CVE-2023-28702
ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary system commands, disrupt the system or terminate service...