24 matches found
EUVD-2020-7415
Malware in sbrugna...
EUVD-2025-16093
Malicious code in bioql PyPI...
(Pwn2Own) Phoenix Contact CHARX SEC-3150 DHCP Configuration Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3150 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration service, which listens on TCP port 50...
Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2025-3882
The CVE-2025-3882 issue affects eCharge Hardy Barth cPH2 and is triggered in the nwcheckexec.php endpoint by unsafely handling the dest parameter. The flaw arises from insufficient validation of a user-supplied string before it is used to execute a system call, enabling arbitrary code execution w...
CVE-2024-54805
Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter getemail. After which, they can visit the sendlog.cgi endpoint which uses the parameter in a system call to achieve command execution...
CVE-2024-23971 ChargePoint Home Flex OCPP bswitch Command Injection
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from...
CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...
CVE-2023-41192
CVE-2023-41192 affects D-Link DAP-1325 (HNAP1 SOAP endpoint) with a SetAPLanSettings/PrimaryDNS input handling flaw that allows remote code execution as root. The issue stems from insufficient validation of a user-supplied string used in a system call, enabling network-adjacent attackers to execu...
CVE-2022-43626
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43624
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43628
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43626
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43643
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xupnpd service, which listens on TC...
CVE-2022-43628
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43629
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2022-43642
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TC...
Cacti poll_for_data Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability. The specific flaw exists within the pollfordata function. The issue results from the lack of proper validation of a user-supplied...
Microsoft Azure Defender for IoT Password Change Command Injection Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. An attacker must first obtain the ability to execute code as the www-data user on the target system in order to exploit this vulnerability. The specific flaw exists with...