CVE-2023-26866

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover...

Command injection

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover...

CVE-2023-26866

CVE-2023-26866 affects GreenPacket OH736 WR-1200 Indoor Unit (M-IDU-1.6.0.3_V1.1) and OT-235 (MH-46360-2.0.3-R5-GP). It enables remote command injection via pre-login execution, with root privileges and potential full system takeover. CVSS v3.1 base score 9.8 (NETWORK, HIGH impact on confidential...

PT-2023-20835 · Green Packet · Ot-235 +1

Name of the Vulnerable Software and Affected Versions: GreenPacket OH736's WR-1200 Indoor Unit version M-IDU-1.6.0.3 V1.1 GreenPacket OH736's OT-235 version MH-46360-2.0.3-R5-GP Description: The issue allows for remote command injection. Commands are executed before login and with root privileges...

CVE-2023-26866

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover...

PT-2023-2256 · D Link · D-Link Go-Rt-Ac750

Name of the Vulnerable Software and Affected Versions: D-Link GO-RT-AC750 version revA v101b03 Description: The issue is related to a command injection vulnerability via the service parameter at soapcgi.main. This vulnerability can be exploited by a remote attacker to execute arbitrary commands...

CVE-2023-1685

A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has be...

CVE-2023-1685

HadSky up to 7.11.8 contains a command injection vulnerability in the Installation Interface, specifically the /install/index.php file. The vulnerability allows remote exploitation and has been publicly disclosed. Affected software: HadSky versions up to 7.11.8. Root cause: unknown code in the In...

MiniDVBLinux 5.4 - Remote Root Command Injection

Exploit Title: MiniDVBLinux 5.4 - Remote Root Command Injection Exploit Author: LiquidWorm !/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM...

CVE-2023-1458

A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The...

CVE-2023-1457

A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the...

CVE-2023-1456

A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been...

CVE-2023-27078

A command injection issue was found in TP-Link MR3020 v.1150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint...

PT-2023-16918 · Liferea +2 · Liferea +2

Name of the Vulnerable Software and Affected Versions: liferea affected versions not specified Description: A critical issue has been found, affecting the function update job run of the file src/update.c in the component Feed Enrichment. The manipulation of the argument source with the input |dat...

CVE-2023-22761

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...

Command injection

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...

Aruba Networks ArubaOS 命令注入漏洞

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated remote command injection...

CVE-2023-22759

ArubaOS web-based management interface is affected by authenticated remote command injection in ArubaOS. The root cause is insufficient input handling in the web interface, allowing an attacker with valid credentials to execute arbitrary commands as a privileged OS user, potentially fully comprom...

PT-2023-1583 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: The issue exists in the ArubaOS web-based management interface, where authenticated remote command injection is possible. This allows an attacker to execute arbitrary commands as a privileg...

SUSE CVE-2006-0377

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimapmailboxselect command, aka "IMAP injection."...