CVE-2023-49695

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product...

Input validation

The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable device...

Multiple vulnerabilities in CubeCart

Overview CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Directory traversal CWE-22 - CVE-2023-42428 Directory traversal CWE-22 - CVE-2023-47283 OS command injection CWE-78 - CVE-2023-47675 Gen Sato of Mitsu...

PT-2023-29948 · Netmodule · Netmodule Router

Name of the Vulnerable Software and Affected Versions: NetModule Router Software versions 4.6 through 4.6.0.105 NetModule Router Software versions 4.8 through 4.8.0.100 Description: The web administration interface in NetModule Router Software executes an OS command, potentially leading to remote...

CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

Fortinet FortiManager and FortiAnalyzer and FortiADC Operating System Command Injection Vulnerability

Fortinet FortiManager and others are products of Fortinet, Inc.Fortinet FortiManager is a centralized network security management platform.Fortinet FortiAnalyzer is a centralized network security reporting solution.Fortinet FortiADC is an application delivery controller. Fortinet FortiADC is an...

Fortinet FortiWLM Operating System Command Injection Vulnerability

Fortinet FortiWLM is a wireless manager from Fortinet. A security vulnerability exists in Fortinet FortiWLM that stems from the presence of an operating system command injection vulnerability. The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted http...

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully...

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 and earlier contains an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker...

CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...

CVE-2023-41331

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

Deserialization of untrusted data

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

CVE-2023-41331

Summary: CVE-2023-41331 affects SOFARPC, a Java RPC framework. Versions before 5.11.0 are vulnerable to remote command execution via deserialization, enabling JNDI injection or system command execution through crafted payloads. The default blacklist for dangerous classes is incomplete, allowing g...

CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability

SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...

PT-2023-27908 · Sofarpc · Sofarpc

Name of the Vulnerable Software and Affected Versions: SOFARPC versions prior to 5.11.0 Description: SOFARPC is a Java RPC framework. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. The default configuration of the SOFARPC framework uses a...

PT-2023-4734 · Totolink · Totolink N200Re V5

Name of the Vulnerable Software and Affected Versions: TOTOLINK N200RE V5 version 9.3.5u.6437 B20230519 Description: The issue is related to the Validity check function in the TOTOLINK N200RE V5 router's firmware. It involves the use of uncontrolled format strings when processing the % symbol,...

TOTOLINK EX1200L 操作系统命令注入漏洞

The TOTOLINK EX1200L is a wireless repeater from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK EX1200L ENV9.3.5u.6146B20201023 version, which stems from the setWanCfg function that could lead to a system command injection vulnerabili...

CVE-2023-32232

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out o...