ReportizFlow
Filtered by vendor
Subscriptions
Total
5750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8131 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-08-27 | 6.3 Medium |
| A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function module_enable_disable of the file /cgi-bin/apkg_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_module_name leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-8130 | 2 D-link, Dlink | 60 Dnr-202l, Dnr-322l, Dnr-326 and 57 more | 2024-08-27 | 6.3 Medium |
| A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-8129 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-08-27 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_s3_modify of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_job_name leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-8128 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-08-27 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_add_zip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-8127 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2024-08-27 | 6.3 Medium |
| A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_unzip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2020-11847 | 2 Microfocus, Opentext | 2 Netiq Privileged Access Manager, Privileged Access Manager | 2024-08-23 | 8.2 High |
| SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. | ||||
| CVE-2024-7580 | 1 Alientechnology | 2 Alr-f800, Alr-f800 Firmware | 2024-08-22 | 6.3 Medium |
| A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/system.html. The manipulation of the argument uploadedFile with the input ;whoami leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-27486 | 1 Fortinet | 2 Fortiddos, Fortiddos-f | 2024-08-22 | 5.9 Medium |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands. | ||||
| CVE-2024-42633 | 1 Linksys | 2 E1500, E1500 Firmware | 2024-08-20 | 8 High |
| A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges. | ||||
| CVE-2024-38887 | 1 Horizoncloud | 1 Caterease | 2024-08-20 | 9.8 Critical |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges. | ||||
| CVE-2024-39228 | 1 Gl-inet | 57 A1300, A1300 Firmware, Ap1300 and 54 more | 2024-08-15 | 9.8 Critical |
| GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config. | ||||
| CVE-2024-42744 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-15 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42738 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-14 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42739 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-14 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-39091 | 1 Annke | 2 Crater 2, Crater 2 Firmware | 2024-08-14 | 8.8 High |
| An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request. | ||||
| CVE-2024-42742 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42743 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 8.8 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-42737 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 9.8 Critical |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||
| CVE-2024-6917 | 1 Veribase | 2 Order Management, Veribase Order Management | 2024-08-13 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2. | ||||
| CVE-2024-42747 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-08-13 | 7.3 High |
| In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. | ||||