Filtered by vendor
Subscriptions
Total
2165 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-39001 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 9.8 Critical |
A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | ||||
CVE-2023-38942 | 1 Dango | 1 Dango-translator | 2024-11-21 | 9.8 Critical |
Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json. | ||||
CVE-2023-38941 | 1 Ehco1996 | 1 Django-sspanel | 2024-11-21 | 9.8 Critical |
django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. | ||||
CVE-2023-38928 | 1 Netgear | 2 R7100lg, R7100lg Firmware | 2024-11-21 | 9.8 Critical |
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | ||||
CVE-2023-38921 | 1 Netgear | 4 Wag302v2, Wag302v2 Firmware, Wg302v2 and 1 more | 2024-11-21 | 8.8 High |
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | ||||
CVE-2023-38902 | 1 Ruijie | 197 Nbc Series Wireless Controllers, Rg-eap101, Rg-eap101 Firmware and 194 more | 2024-11-21 | 8.8 High |
A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field. | ||||
CVE-2023-38866 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | 9.8 Critical |
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name. | ||||
CVE-2023-38865 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | 9.8 Critical |
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. | ||||
CVE-2023-38864 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | 9.8 Critical |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. | ||||
CVE-2023-38863 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | 9.8 Critical |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | ||||
CVE-2023-38862 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | 9.8 Critical |
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | ||||
CVE-2023-38861 | 1 Wavlink | 3 Wl-wn575a3, Wl-wn575a3 Firmware, Wl Wnj575a3 | 2024-11-21 | 9.8 Critical |
An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. | ||||
CVE-2023-38829 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-11-21 | 8.8 High |
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | ||||
CVE-2023-38690 | 2 Matrix, Matrix-org | 2 Matrix Irc Bridge, Matrix-appservice-irc | 2024-11-21 | 5.8 Medium |
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. | ||||
CVE-2023-38336 | 1 Netkit | 1 Netkit | 2024-11-21 | 9.8 Critical |
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | ||||
CVE-2023-38286 | 2 Codecentric, Thymeleaf | 2 Spring Boot Admin, Thymeleaf | 2024-11-21 | 7.5 High |
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI. | ||||
CVE-2023-38193 | 1 Superwebmailer | 1 Superwebmailer | 2024-11-21 | 8.8 High |
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | ||||
CVE-2023-38027 | 2 Myspotcam, Spotcam Co Ltd | 3 Sense, Sense Firmware, Spotcam Sense | 2024-11-21 | 9.8 Critical |
SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. | ||||
CVE-2023-37794 | 1 Wayos | 2 Fbm-291w, Fbm-291w Firmware | 2024-11-21 | 9.8 Critical |
WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | ||||
CVE-2023-37679 | 1 Nextgen | 1 Mirth Connect | 2024-11-21 | 9.8 Critical |
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. |