57 matches found

Cvelist
added 2021/04/27 5:51 p.m., 18 views

CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

8.3 AI score, 0.01059 EPSS
Exploits: 2, References: 2

CNNVD
added 2021/04/27 12:00 a.m., 4 views

Subreddit Home Automation OS Command Injection Vulnerability

Subreddit Home Automation is an automation device for the Subreddit community. An automated electric light. A security vulnerability exists in Subreddit Home Automation 3.3.2, which stems from authenticated OS command execution in the custom command v0.1 plugin...

8.5 CVSS, 7.9 AI score, 0.01059 EPSS
Exploits: 2, References: 3

OSV
added 2021/03/31 5:15 p.m., 1 views

CVE-2021-22987

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has an...

9.9 CVSS, 7.4 AI score, 0.13672 EPSS
Exploits: 1, References: 1

OSV
added 2021/03/31 5:15 p.m., 3 views

CVE-2021-22990

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface TMUI, also referred to as the...

7.2 CVSS, 7.2 AI score, 0.08838 EPSS
Exploits: 1, References: 1

Packet Storm
added 2020/05/15 12:00 a.m., 153 views

ManageEngine AssetExplorer Authenticated Command Execution

XL-2020-004 - Asset Explorer Windows & Linux - Authenticated Command Execution. Identifiers: CVE-2019-19034, XL-20-004. CVSSv3 score...

6.5 CVSS, 0.3 AI score, 0.05967 EPSS
Exploits: 3

Packet Storm
added 2020/05/05 12:00 a.m., 165 views

TrixBox CE 2.8.0.4 Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TrixBox CE endpointdevicemap.php Authenticated Command Execution', 'Description' = %q This module exploits an authenticated OS command injection...

9 CVSS, 0.2 AI score, 0.65208 EPSS
Exploits: 4

Metasploit
added 2020/05/04 8:58 p.m., 62 views

TrixBox CE endpoint_devicemap.php Authenticated Command Execution

This module exploits an authenticated OS command injection vulnerability found in Trixbox CE version 1.2.0 to 2.8.0.4 inclusive in the "network" POST parameter of the "/maint/modules/endpointcfg/endpointdevicemap.php" page. Successful exploitation allows for arbitrary command execution on the...

8.8 CVSS, 7.8 AI score, 0.65208 EPSS
Exploits: 4

OSV
added 2020/03/10 1:15 p.m., 16 views

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

8.8 CVSS, 7.3 AI score
Exploits: 0, References: 1

Prion
added 2020/03/10 1:15 p.m., 20 views

Design/Logic Flaw

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

9 CVSS, 8.8 AI score, 0.03 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2020/03/10 12:34 p.m., 29 views

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

8.9 AI score, 0.03 EPSS
Exploits: 1, References: 1

OSV
added 2020/01/06 8:15 p.m., 2 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

8.8 CVSS, 7.4 AI score, 0.71635 EPSS
Exploits: 13, References: 6

CNVD
added 2017/06/30 12:00 a.m., 3 views

Kaspersky Anti-Virus for Linux File Server Cross-Site Request Forgery Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A cross-site request forgery vulnerability exists in Kaspersky Anti-Virus for Linux File Server. This allows an attacker to submit authenticated reques...

8.8 CVSS, 6.6 AI score, 0.01932 EPSS
Exploits: 5, References: 1

Japan Vulnerability Notes
added 2016/01/15 4:57 a.m., 1 views

acmailer vulnerable to OS command injection

Overview: acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability (CWE-78). Kazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A...

9.1 CVSS, 7.5 AI score, 0.02411 EPSS
Exploits: 0, References: 5

securityvulns
added 2015/06/08 12:00 a.m., 66 views

Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1....

6.5 CVSS, 6.1 AI score, 0.07117 EPSS
Exploits: 6

0day.today
added 2015/06/03 12:00 a.m., 25 views

WordPress Xloner 3.1.2 XSS / Command Execution Vulnerabilities

WordPress Xloner plugin version 3.1.2 suffers from command execution and cross site scripting vulnerabilities. Title: Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Author: Larry W. Cashdollar, @larry0 Date: 2015-05-10 Download Site:...

7 AI score
Exploits: 0

seebug.org
added 2014/09/04 12:00 a.m., 21 views

Wing FTP Server Authenticated Command Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::CmdStager include Msf::Exploit::Remote::HttpClient def...

7.1 AI score
Exploits: 0

Packet Storm
added 2012/06/27 12:00 a.m., 57 views

Symantec Web Gateway 5.0.28 LFI / Code Execution

Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include: https://192.168.82.207/spywall/previewProxyError.php?err=../../../../../../../../etc/passwd File include and OS command...

10 CVSS, 6.4 AI score, 0.72596 EPSS
Exploits: 22