Input validation

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

CVE-2023-49235

The CVE-2023-49235 entry affects TRENDnet TV-IP1314PI devices (firmware 5.5.3 200714) via libremote_dbg.so. The root cause is mishandled filtering of debug information during use of popen, which can allow an attacker to bypass validation and execute a shell command. Red Hat/NVD entries corroborat...

TRENDnet TV-IP1314PI Security Vulnerability

The TRENDnet TV-IP1314PI is a wireless network camera from TRENDnet. A security vulnerability exists in TRENDnet TV-IP1314PI version 5.5.3 200714, which stems from a security issue in libremotedbg.so, which incorrectly filters debugging information during popen use, and can be exploited by an...

PT-2024-13704 · Trendnet · Trendnet Tv-Ip1314Pi

Name of the Vulnerable Software and Affected Versions: TRENDnet TV-IP1314PI version 5.5.3 200714 Description: An issue was discovered in libremote dbg.so where filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell...

CVE-2023-49235

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

CVE-2023-49235

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

NewStart CGSL MAIN 5.04 : openssl Vulnerability (NS-SA-2023-0069)

The remote NewStart CGSL host, running version MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

DEBIAN-CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

CVE-2023-32728 Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

Design/Logic Flaw

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46456

GL.iNET GL-AR300M (firmware 3.216) is affected by CVE-2023-46456, where the OpenVPN client file upload functionality can be abused to inject arbitrary shell commands, leading to remote code execution per multiple sources. The vulnerability affects the OpenVPN client file upload path; no official ...

PT-2023-30032 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7 Description: The issue allows for the injection of arbitrary shell commands through a crafted package name in the package information functionality. This can potentially lead to unauthorized access and control ...

GHSA-HFXH-RJV7-2369 Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

CVE-2023-40151

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...