3860 matches found
Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
Barracuda Email Security Gateway ESG appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...
CVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...
Command injection
A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...
CVE-2023-2868
CVE-2023-2868 affects Barracuda Email Security Gateway (ESG) Appliance versions 5.1.3.001–9.2.0.006. It is due to incomplete sanitization of a user-supplied .tar archive, enabling remote command execution via Perl's qx with the appliance privileges. Barracuda fixed it in patch BNSF-36456 (auto-ap...
CVE-2023-2682
A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component MiniHTTPD. The manipulation of the argument address with the input ;id;uname$IFS-a leads to command injection. The attack...
PT-2023-20808 · Unknown · Caton Live +1
Name of the Vulnerable Software and Affected Versions: Caton Live versions up to 2023-04-26 Description: A critical issue affects the Mini HTTPD component, specifically the /cgi-bin/ping.cgi file. The manipulation of the address argument with the input ;id;uname$IFS-a leads to command injection...
CVE-2023-2647
A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utilityall.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The...
CVE-2023-2649
A vulnerability was found in Tenda AC23 16.03.07.45cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The explo...
CVE-2023-2649
CVE-2023-2649 affects Tenda AC23 with firmware 16.03.07.45_cn, where a flaw in the Service Port 7329 component (/bin/ate) allows manipulation of the v2 argument to trigger remote command injection. Exploitation can occur without user interaction and has been disclosed publicly. Impact is arbitrar...
CVE-2023-2522
A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sendorder.cgi?parameter=accessdetect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an...
CVE-2023-2520
Caton Prime 2.1.2.51.e8d7225049(202303031001) contains a command injection in the Ping Handler, via manipulation of the Destination argument in cgi-bin/tools_ping.cgi?action=Command. This allows remote exploitation and affects the Ping Handler component; impact is high (as per CVE-2023-2520). No ...
CVE-2023-2376
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. Th...
Vulnerabilities fixed in Zyxel Firewalls and Access Points
Zyxel has fixed vulnerabilities in the firmware of several USG, APT, VPN and ZyWall systems. A malicious party can exploit the vulnerabilities for attacks that can result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Remote code execution...
Zyxel ATP OS Command Injection Vulnerability
Zyxel ATP is a firewall from China Heqin Zyxel. A security vulnerability exists in Zyxel ATP versions 4.32 through 5.35. An attacker could exploit the vulnerability to remotely execute certain operating system commands...
ZOHO ManageEngine ADManager Plus Command Injection Vulnerability
ZOHO ManageEngine ADManager Plus is a set of Microsoft Active Directory management software designed for enterprise users using Windows domains from ZOHO, USA. A remote command vulnerability exists in ZOHO ManageEngine ADManager Plus, which can be exploited by attackers to perform command injecti...
VulnCheck KEV: CVE-2023-1389
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution...
CVE-2023-26866
GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover...