443 matches found

OSV
added 2023/05/22 3:15 p.m. · 3 views

CVE-2023-32347

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...

CVSS 9.8 · AI score 7.7 · EPSS 0.00593
Exploits: 0 · References: 1

OSV
added 2023/05/18 3:15 a.m. · 3 views

CVE-2023-20183

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

CVSS 4.3 · AI score 6.1 · EPSS 0.00398
Exploits: 0 · References: 1

ATTACKERKB
added 2023/05/17 4:00 p.m. · 2 views

CVE-2023-20183

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

CVSS 5.4 · AI score 6.1 · EPSS 0.00398
Exploits: 0 · References: 2

CNNVD
added 2023/05/12 12:00 a.m. · 3 views

Teltonika Remote Management System authorization issue vulnerability

Teltonika Remote Management System is a Teltonika remote management system for managing Teltonika products. An authorization issue vulnerability exists in Teltonika Remote Management System versions prior to 4.10.0. An attacker could use this vulnerability to execute arbitrary commands as root by...

CVSS 9.8 · AI score 9.2 · EPSS 0.00593
Exploits: 0 · References: 3

Positive Technologies
added 2023/05/11 12:00 a.m. · 2 views

PT-2023-3477 · Wavlink · Wavlink Wl-Wn531Ax2

Name of the Vulnerable Software and Affected Versions: WAVLINK WL-WN531AX2 versions prior to 2023526 Description: The issue is related to client-side enforcement of server-side security, which may allow an attacker with administrative privilege to execute OS commands with the root privilege. This...

CVSS 7.7 · AI score 7.6 · EPSS 0.00096
Exploits: 0 · References: 7

NVD
added 2023/04/18 4:15 p.m. · 9 views

CVE-2023-28143

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

CVSS 7 · AI score 6.8 · EPSS 0.00048
Exploits: 0 · References: 1

Vulnrichment
added 2023/04/18 3:54 p.m. · 3 views

CVE-2023-28143 Local Privilege Escalation

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

CVSS 6.7 · AI score 7.1 · EPSS 0.00048
Exploits: 0 · References: 1

Cvelist
added 2023/04/18 3:54 p.m. · 13 views

CVE-2023-28143 Local Privilege Escalation

Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT command execution...

CVSS 6.7 · AI score 7.4 · EPSS 0.00048
Exploits: 0 · References: 1

ATTACKERKB
added 2023/04/05 11:00 p.m. · 3 views

CVE-2023-20128

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...

CVSS 7.2 · AI score 7.3 · EPSS 0.03251
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/05 12:00 a.m. · 3 views

PT-2023-3315 · Cisco · Cisco Small Business Rv320 +1

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description: The web-based management interface of the affected devices has insufficient validation of user-supplied input, allowing an...

CVSS 8.3 · AI score 7.3 · EPSS 0.00351
Exploits: 0 · References: 7

BDU FSTEC
added 2023/03/30 12:00 a.m. · 2 views

The vulnerability in the web interface for managing TP-Link Archer AX21 (AX1800) routers allows a hacker to execute arbitrary commands with root privileges.

The vulnerability in the web interface for managing TP-Link Archer AX21 AX1800 routers is related to the lack of measures taken to clean data at the management level when processing a symbolic link /cgi-bin/luci/stok=/locale. Exploiting this vulnerability allows an attacker to execute arbitrary...

CVSS 8.8 · AI score 8.1 · EPSS 0.93305
Exploits: 7 · References: 5

OSV
added 2023/03/29 9:15 p.m. · 3 views

CVE-2023-28503

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute ...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2

Vulnrichment
added 2023/03/29 8:09 p.m. · 8 views

CVE-2023-28503 Authentication bypass in UniRPC's udadmin service

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute ...

AI score 9.9 · EPSS 0.72321
Exploits: 2 · References: 2

CNNVD
added 2023/03/29 12:00 a.m. · 1 views

Rocket Software UniData and UniVerse authorization issue vulnerability

Rocket Software UniVerse and Rocket Software UniData are both products of Rocket Software, Inc. Rocket Software UniVerse is a suite of database management and support software now owned by Rocket Software. Software UniData is a MultiValue application platform. Rocket Software UniData is a...

CVSS 9.8 · AI score 8.6 · EPSS 0.72321
Exploits: 2 · References: 3

BDU FSTEC
added 2023/03/29 12:00 a.m. · 1 views

A vulnerability in the firmware of the D-Link DIR-820L A1 allows a hacker to execute arbitrary commands.

The vulnerability in the D-Link DIR-820L A1 router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands as the root user in the target system...

CVSS 10 · AI score 8.1 · EPSS 0.43869
Exploits: 1 · References: 4 · Affected Software: 1

BDU FSTEC
added 2023/03/22 12:00 a.m. · 1 views

A vulnerability in the SetVirtualServerSettings function of the D-Link DIR-867 router firmware allows a hacker to execute arbitrary commands in the device’s operating system under the identity of the root user.

The vulnerability in the SetVirtualServerSettings function of the D-Link DIR-867 router firmware is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the device’s operating system under the identi...

CVSS 10 · AI score 8.1 · EPSS 0.04175
Exploits: 0 · References: 6 · Affected Software: 1

CNNVD
added 2023/03/08 12:00 a.m. · 3 views

CoreDial sipXcom sipXopenfire parameter injection vulnerability

CoreDial sipXcom sipXopenfire is a telecommunications application from CoreDial, Inc. A parameter injection vulnerability exists in CoreDial sipXcom sipXopenfire version 21.04 and earlier, which stems from the presence of operating system command parameter injection that can be exploited by an...

CVSS 8.8 · AI score 8.2 · EPSS 0.17483
Exploits: 3 · References: 3

Vulnrichment
added 2023/02/23 12:00 a.m. · 5 views

CVE-2023-23294

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the filename parameter to execute commands as root...

AI score 9 · EPSS 0.02884
Exploits: 1 · References: 1

CNNVD
added 2023/02/23 12:00 a.m. · 2 views

Korenix Technology Korenix JetWave command injection vulnerability

Korenix Technology Korenix JetWave is a family of wireless access points from Korenix Technology. A security vulnerability exists in Korenix Technology Korenix JetWave 4200 Series version 1.3.0, JetWave 3000 Series version 1.6.0. An attacker can exploit the vulnerability to execute commands as ro...

CVSS 8.8 · AI score 8.2 · EPSS 0.02257
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 4:43 a.m. · 3 views

SUSE CVE-2017-10700

In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application...

CVSS 10 · AI score 7.7 · EPSS 0.01271
Exploits: 0 · References: 3