Page 2 of 7 results (0.009 seconds)

CVSS: 9.0EPSS: 17%CPEs: 1EXPL: 5

Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en networking en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://www.exploit-db.com/exploits/45015 http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html http://seclists.org/fulldisclosure/2018/Jul/45 https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities https://www.qnap.com/zh-tw/security-advisory/nas-201807-10 https://www.securityfocus.com/archive/1/542141/100/0/threaded • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 8%CPEs: 1EXPL: 5

Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en SSH en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://www.exploit-db.com/exploits/45015 http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html http://seclists.org/fulldisclosure/2018/Jul/45 https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities https://www.qnap.com/zh-tw/security-advisory/nas-201807-10 https://www.securityfocus.com/archive/1/542141/100/0/threaded • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •