306 matches found
D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from...
D-Link G416 nodered File Handling Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack...
(0Day) Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectDeviceListBy method. The issue results from the lack of proper...
(0Day) Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectEventConfig method. The issue results from the lack of proper...
(0Day) OpenAI ChatGPT Improper Input Validation Model Policy Bypass Vulnerability
This vulnerability allows remote attackers to bypass policy restictions on affected versions of OpenAI ChatGPT. Authentication is required to exploit this vulnerability. The specific flaw exists within the interface to the ChatGPT-Vision Data model. The issue results from the lack of proper...
SolarWinds Orion Platform VimChartInfo SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the VimChartInfo class. The issue results from the lack of proper validation of a...
NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of prop...
Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resolveDistinguishedName method. The issue results from the lack of...
Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetNewUserId method. The issue results from the lack of proper...
Cacti graph_view SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. Authentication is required to exploit this vulnerability when the product is in its default configuration. The specific flaw exists within the graphview endpoint. The iss...
ManageEngine ADManager Plus installServiceWithCredentials Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the installServiceWithCredentials function. The issue results from the lack of...
(Pwn2Own) HP Color LaserJet Pro M479fdw NotifyTo Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of HP Color LaserJet Pro M479fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the NotifyTo element. The issue results from th...
Progress Software MOVEit Transfer UserProcessPassChangeRequest SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software MOVEit Transfer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the human.aspx endpoint. A crafted request can trigger execution of SQ...
VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability. The specific flaw exists within the exportPDF method. The issue results from the lack of proper...
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of setcertificatesconfig requests to the modTMMS endpoint. When...
Trend Micro Apex Central modTMMS SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of deletecertvec requests to the modTMMS endpoint. When parsing the ...
(Pwn2Own) Lexmark MC3224i fax_change_faxtrace_setting Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the faxchangefaxtracesettings script. The issue results from the lack...
D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...
D-Link DIR-2150 SetNTPServerSettings Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SOAP A...
(Pwn2Own) NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack ...