CVE-2020-35851

HGiga MailSherlock is affected by CVE-2020-35851: a vulnerability where the product does not validate specific parameters properly, enabling remote command injection and arbitrary command execution. The issue is documented across multiple sources (e.g., CNVD-2021-06950, NVD, CVE lists) and is des...

CVE-2020-24634

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI Aruba Networks AP Management protocol UDP port 8211 of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility...

CVE-2020-24634

An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI Aruba Networks AP Management protocol UDP port 8211 of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility...

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three securi...

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

CVE-2020-2490

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907...

CVE-2020-23639

A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers...

PT-2020-8658 · Qnap Systems · Music Station

Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. Music Station versions prior to 5.1.13 QNAP Systems Inc. Music Station versions prior to 5.2.9 QNAP Systems Inc. Music Station versions prior to 5.3.11 Description: This issue is a command injection vulnerability that could...

CVE-2020-27976

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...

Nagios XI 5.7.3 Remote Command Injection

Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...

Vulnerabilities fixed in QNAP QTS

QNAS has fixed vulnerabilities in the QTS operating system. The vulnerabilities allow a remote malicious person to to inject arbitrary commands. It is good practice to have the user interface for a system like QTS to be exposed on a separate administrator network. QNAP has released updates to fix...

Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)

Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...

CVE-2020-26878

Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...

CVE-2020-26878

CVE-2020-26878 affects Ruckus IoT Controller (Ruckus vRIoT) up to version 1.5.1.0.21. An authenticated user can submit a crafted request to the API at /service/v1/createUser, injecting commands that are executed with root privileges via web.py. Public sources document this as a remote command-inj...

CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

Remote Command Injection Vulnerability in TP-LINK Archer AX50

TP-LINK is a leading global supplier of network communication equipment. A remote command injection vulnerability exists in the TP-LINK Archer AX50, which can be exploited by an attacker to gain server privileges...

IBM Spectrum Protect Plus hostname Command Injection

The IBM Spectrum Protect Plus SPP administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a 'set hostname' HTTP request. An unauthenticated, remote attacker can exploit this, via a...

Cisco Data Center Network Manager Command Injection Vulnerability

Cisco Data Center Network Manager DCNM is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A security vulnerability exists in the REST API endpoint in Cisco DCNM versions...

CVE-2020-13917

rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n,...

CVE-2020-13919

emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610,...