#CommandInjection – Page 4

QNAP warns of critical command injection flaws in QTS OS, apps

November 6, 2023 by Xynik

November 6, 2023 at 07:52AM QNAP Systems has issued security advisories regarding two critical command injection vulnerabilities in its QTS operating system and applications for network-attached storage (NAS) devices. The flaws, tracked as CVE-2023-23368 and CVE-2023-23369, can be exploited remotely by attackers. Multiple QTS versions are affected, but fixes are available for download. Admins are … Read more

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

October 16, 2023 by Xynik

October 16, 2023 at 04:52PM Cisco has disclosed a critical zero-day vulnerability in the Web User Interface of its IOS XE operating system. The flaw, assigned as CVE-2023-20198, affects all Cisco IOS XE devices with the Web UI feature enabled and allows attackers to create an account with complete device control. Cisco advises customers to … Read more