451 matches found

Prion
added 2019/10/18 5:15 p.m. | 16 views

Code injection

DISPUTED An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an...

CVSS: 10 | AI score: 9.9 | EPSS: 0.02999
Exploits: 1 | References: 3

OSV
added 2019/07/01 7:15 p.m. | 2 views

CVE-2019-7670

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

CVSS: 7.2 | AI score: 7.2 | EPSS: 0.18306
Exploits: 5 | References: 4

CNVD
added 2019/05/14 12:00 a.m. | 5 views

Gemalto Ezio Server Operating System Command Injection Vulnerability

Gemalto Ezio Server is an authentication server from Gemalto USA. An operating system command injection vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to execute illegal operating system commands...

CVSS: 8 | AI score: 8 | EPSS: 0.03248
Exploits: 2 | References: 1

OSV
added 2019/01/09 11:29 p.m. | 2 views

CVE-2018-16194

Aterm WF1200CR and Aterm WG1200CR Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors...

CVSS: 7.2 | AI score: 6
Exploits: 0 | References: 2

Packet Storm
added 2019/01/08 12:00 a.m. | 39 views

Mailcleaner Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...

AI score: 0.1 | EPSS: 0.55123
Exploits: 3

Packet Storm
added 2019/01/07 12:00 a.m. | 27 views

Mailcleaner Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...

AI score: 0.1
Exploits: 0

Metasploit
added 2018/12/19 2:35 p.m. | 15 views

Mailcleaner Remote Code Execution

This module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user which is root. /admin/managetracing/search/search endpoint takes several user inputs and then...

CVSS: 8.8 | AI score: 1 | EPSS: 0.55123
Exploits: 3

Positive Technologies
added 2018/09/07 12:00 a.m. | 3 views

PT-2018-1554 · Nordvpn · Nordvpn

Name of the Vulnerable Software and Affected Versions: NordVPN version 6.14.28.0 Description: The issue is caused by the failure to neutralize special elements used in an operating system command. Exploitation of this issue can allow an attacker to execute arbitrary commands or code with SYSTEM...

CVSS: 9.3 | AI score: 8.3 | EPSS: 0.04651
Exploits: 2 | References: 9

Cvelist
added 2018/08/23 10:00 p.m. | 29 views

CVE-2018-3856

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...

CVSS: 9.9 | AI score: 9.7 | EPSS: 0.03444
Exploits: 2 | References: 1

OSV
added 2018/07/02 4:29 p.m. | 4 views

CVE-2018-9276

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability both on the server and on devices by sending malformed parameters in sensor or...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.86943
Exploits: 12 | References: 5

Positive Technologies
added 2018/07/02 12:00 a.m. | 5 views

PT-2018-18954 · Paessler · Prtg Network Monitor

Name of the Vulnerable Software and Affected Versions: PRTG Network Monitor versions prior to 18.2.39 Description: An issue was discovered that allows an attacker with access to the PRTG System Administrator web console and administrative privileges to exploit an OS command injection vulnerabilit...

CVSS: 9 | AI score: 7.3 | EPSS: 0.86943
Exploits: 12 | References: 17

0day.today
added 2018/03/29 12:00 a.m. | 64 views

ManageEngine Application Manager Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute an operating system command under the context of privileged user. The publicly accessible testCredential.do endpoint takes multiple user inputs an...

CVSS: 10 | AI score: 0.3 | EPSS: 0.79163
Exploits: 8

Exploit DB
added 2018/03/12 12:00 a.m. | 38 views

ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in the...

CVSS: 10 | AI score: 7.4 | EPSS: 0.79163
Exploits: 8

Metasploit
added 2018/03/07 8:54 p.m. | 24 views

ManageEngine Applications Manager Remote Code Execution

This module exploits command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute an operating system command under the context of privileged user. Publicly accessible testCredential.do endpoint takes multiple user inputs and validates suppli...

CVSS: 9.8 | AI score: 8 | EPSS: 0.79163
Exploits: 8

BDU FSTEC
added 2017/12/07 12:00 a.m. | 5 views

The vulnerability of the ms.cgi (/swms/ms.cgi) script in the MRF Web Panel web application allows an attacker to execute arbitrary operating system commands.

The vulnerability of the ms.cgi /swms/ms.cgi script in the MRF Web Panel application exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on behalf of the...

CVSS: 10 | AI score: 8.2 | EPSS: 0.09528
Exploits: 5 | References: 4 | Affected Software: 1

OSV
added 2017/09/26 2:29 a.m. | 1 views

CVE-2017-14001

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...

CVSS: 8.8 | AI score: 6 | EPSS: 0.06447
Exploits: 0 | References: 2

Packet Storm
added 2017/08/30 12:00 a.m. | 68 views

Malicious GIT HTTP Server

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...

AI score: 8.5 | EPSS: 0.77823
Exploits: 9

Japan Vulnerability Notes
added 2017/06/28 1:28 a.m. | 3 views

OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway

Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

CVSS: 10 | AI score: 7.2 | EPSS: 0.01979
Exploits: 0 | References: 5

Exploit DB
added 2017/05/09 12:00 a.m. | 41 views

Crypttech CryptoLog - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql injection and command injection vulnerability of...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2017/03/31 12:00 a.m. | 15 views

Operating System Command Injection

OS command injection occurs when user supplied input is used to form a command to be executed by the operating system. Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being...

AI score: 7.9
Exploits: 0 | References: 2