152 matches found
CVE-2021-26727 spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNethandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10...
Mageia: Security Advisory (MGASA-2020-0060)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public
This tool can scan websites with CVE-2021-41773 Vulnerability that are affecting Apache2 Webserver, ScaRCE can run too for executing Remote Command Injections at the webservers that found from the scanning method Only if the MODCGI is Enabled at the targeted webserver. This tool works with the...
CVE-2019-14719
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager...
CVE-2019-14719
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager...
CVE-2019-14719
CVE-2019-14719 affects Verifone MX900 series Pinpad Payment Terminals running OS 30251000, where the file manager enables multiple arbitrary command injections due to the underlying issue described in the CVE. The vulnerability is documented with local attack vector and high impact on confidentia...
CVE-2019-14719
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager...
CVE-2020-12503
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to...
CVE-2020-12503
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to...
Authorization
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to...
CVE-2020-12503 Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to...
CVE-2019-11853 ALEOS AT Command Injections
Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4...
CVE-2020-14081
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action sendlogemail with the key authacname or authpasswd, allowing an authenticated user to run arbitrary commands on the device...
CVE-2020-14075
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoeconnect, rupppoeconnect, or dhcpconnect with the key wanifname or wan0dns, allowing an authenticated user to run arbitrary commands on the device...
CVE-2020-14075
Summary (CVE-2020-14075) TRENDnet TEW-827DRU routers (firmware up to 2.06B04) have a command-injection vulnerability in apply.cgi. The flaw is triggered by the actions pppoe_connect, ru_pppoe_connect, or dhcp_connect using the key wan_ifname (or wan0_dns), enabling an authenticated user to execut...
CVE-2020-14075
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoeconnect, rupppoeconnect, or dhcpconnect with the key wanifname or wan0dns, allowing an authenticated user to run arbitrary commands on the device...
CVE-2020-14081
TRENDnet TEW-827DRU routers (firmware up to 2.06B04) contain a command injection in apply.cgi via the action send_log_email using the auth_acname or auth_passwd parameter. An authenticated user can execute arbitrary commands on the device. The affected component is the apply.cgi handling in TEW-8...
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...