Lucene search

358 matches found

OSV
added 2024/09/16 7:15 a.m. | 2 views

CVE-2024-45695

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device...

CVSS 9.8 | AI score 6.2 | EPSS 0.01594
Exploits 0 | References 2

Positive Technologies
added 2024/09/14 12:0 a.m. | 4 views

PT-2024-31513

Name of the Vulnerable Software and Affected Versions: BYOB (affected versions not specified). Description: The issue concerns unauthenticated remote code execution on BYOB via arbitrary file write. A research paper was written on this topic, but there was an incident involving the theft of this...

CVSS 7.3 | AI score 7.9 | EPSS 0.03891
Exploits 3 | References 11

OSV
added 2024/08/06 7:15 p.m. | 2 views

CVE-2024-42393

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise...

CVSS 9.8 | AI score 6
Exploits 0 | References 1

Citrix
added 2024/07/04 11:15 a.m. | 83 views

Cloud Software Group Security Advisory for CVE-2024-6387

Advisory for 3rd party CVE-2024-6387 Cloud Software Group is aware of the vulnerability CVE-2024-6387 impacting OpenSSH. Qualys has discovered a remote unauthenticated code execution vulnerability in OpenSSH’s server sshd in glibc-based Linux systems. Because this vulnerability is a regression of...

CVSS 8.1 | AI score 8.1 | EPSS 0.99506
Exploits 68

GithubExploit
added 2024/07/02 6:32 p.m. | 2478 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 - PoC...

CVSS 8.1 | AI score 8.8 | EPSS 0.99506
Exploits 68

Qualys Blog
added 2024/07/01 8:23 a.m. | 210 views

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server...

CVSS 8.1 | AI score 9.6 | EPSS 0.99506
Exploits 68

Positive Technologies
added 2024/06/24 12:0 a.m. | 7 views

PT-2024-25535 · Axiros · Axess Auto Configuration Server

Name of the Vulnerable Software and Affected Versions: Axiros AXESS Auto Configuration Server (ACS) versions 4.x through 5.0.0. Description: The issue is related to Incorrect Access Control, allowing an authorization bypass that enables remote attackers to achieve unauthenticated remote code...

CVSS 9.8 | AI score 7.8 | EPSS 0.00731
Exploits 0 | References 6

CNNVD
added 2024/05/23 12:0 a.m. | 2 views

D-Link DIR-2150 Security Vulnerability

The D-Link DIR-2150 is a wireless router from China-based AUO D-Link. The D-Link DIR-2150 suffers from a code execution vulnerability that stems from an application failing to properly filter special elements that construct code segments. An unauthenticated attacker could exploit the vulnerabilit...

CVSS 8.8 | AI score 8.1 | EPSS 0.01966
Exploits 0 | References 2

OSV
added 2024/05/14 11:15 p.m. | 2 views

CVE-2024-31473

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this...

CVSS 9.8 | AI score 6.6
Exploits 0 | References 2

ATTACKERKB
added 2024/05/03 3:16 a.m. | 2 views

CVE-2023-51590

Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. T...

CVSS 9.8 | AI score 6.3 | EPSS 0.01483
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/05/03 3:15 a.m. | 2 views

CVE-2023-41215

D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The...

CVSS 8.8 | AI score 6.3 | EPSS 0.00872
Exploits 0 | References 2

CNNVD
added 2024/05/01 12:0 a.m. | 3 views

Aruba Networks ArubaOS Security Vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, USA. A security vulnerability exists in Aruba Networks ArubaOS that originates from a buffer overflow in the underlying L2/L3...

CVSS 9.8 | AI score 8.2 | EPSS 0.43998
Exploits 0 | References 2

CNNVD
added 2024/05/01 12:0 a.m. | 3 views

Aruba Networks ArubaOS Security Vulnerability

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks ArubaOS that stems from a buffer overflow in the underlying Utility daemon th...

CVSS 9.8 | AI score 8.2 | EPSS 0.15163
Exploits 0 | References 2

Positive Technologies
added 2024/05/01 12:0 a.m. | 2 views

PT-2024-25285 · Aruba · Aruba Access Point

Name of the Vulnerable Software and Affected Versions: Aruba access points (affected versions not specified). Description: There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted...

CVSS 9.8 | AI score 9 | EPSS 0.14559
Exploits 0 | References 13

OSV
added 2024/04/26 10:15 a.m. | 1 view

CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer RSE version = 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03...

CVSS 9.8 | AI score 6.3 | EPSS 0.01242
Exploits 1 | References 2

Positive Technologies
added 2024/03/22 12:0 a.m. | 2 views

PT-2024-22874 · D Link · D-Link Dir-845L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-845L router version 1.01KRb03 and earlier. Description: The issue is related to an unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi main function. This allows for remote code execution without...

CVSS 9 | AI score 7.9 | EPSS 0.01557
Exploits 1 | References 6

CNNVD
added 2024/02/09 12:0 a.m. | 3 views

Apache Solr Security Vulnerability

Apache Solr is a search server from the Apache Foundation in the United States, based on the Lucene full-text search engine. The product supports level search, vertical search, highlighting of search results and so on. A security vulnerability exists in Apache Solr versions 6.0.0 through 8.11.2 and 9.0...

CVSS 7.5 | AI score 8.2 | EPSS 0.0305
Exploits 0 | References 5

OSV
added 2024/01/26 6:15 p.m. | 2 views

CVE-2024-20253

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory...

CVSS 10 | AI score 6.2 | EPSS 0.01951
Exploits 0 | References 1

OSV
added 2024/01/16 4:15 p.m. | 2 views

CVE-2022-1609

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site...

CVSS 9.8 | AI score 6.1 | EPSS 0.64321
Exploits 6 | References 1

CNVD
added 2024/01/08 12:0 a.m. | 7 views

Apache DolphinScheduler Input Validation Error Vulnerability (CNVD-2024-27495)

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation in the United States. A security vulnerability exists in Apache DolphinScheduler 3.1.9 and earlier versions, which can be exploited by an unauthenticated attacker to...

CVSS 8.8 | AI score 7.7 | EPSS 0.01418
Exploits 0 | References 1