3851 matches found
CVE-2018-21268
The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...
CVE-2018-21268
The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...
CVE-2018-21268
CVE-2018-21268 concerns the node-traceroute package (v1.0.0 and earlier) for Node.js, where remote command injection is possible via the host parameter due to Child.exec() being used, allowing an OS command after a newline. Multiple sources (NVD, Red Hat, GitHub advisories, osv.dev) describe this...
QNAP QTS Remote Command Injection (CVE-2019-7193)
A remote command injection vulnerability exists in QNAP QTS. An authenticated attacker can exploit this vulnerability by injecting arbitrary PHP code into the session. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Cayin Digital Signage System xPost 2.5 - Remote Command Injection Exploit
Exploit for multiple platform in category web applications Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor:...
Cayin Signage Media Player 3.0 Root Remote Command Injection
Summary CAYIN Technology provides Digital Signage solutions, including media players, servers, and software designed for the DOOH Digital Out-of-home networks. We develop industrial-grade digital signage appliances and tailored services so you don't have to do the hard work. Description CAYIN...
Cayin Content Management Server 11.0 - Remote Command Injection (root) Vulnerability
Exploit for multiple platform in category web applications Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd...
Cayin Signage Media Player 3.0 Root Remote Command Injection
!/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: SMP-8000QD v3.0 SMP-8000 v3.0 SMP-6000 v3.0 Build 19025 SMP-6000 v1.0 Build 14246 SMP-6000 v1.0 Build 14199 SMP-6000...
Cayin Content Management Server 11.0 - Remote Command Injection (root)
Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...
NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)
The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency NSA announced that Sandworm actors Russian hacker group have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...
HP LinuxKI 6.01 - Remote Command Injection Exploit
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE: CVE-2020-7209 !/usr/bin/e...
HP LinuxKI 6.01 - Remote Command Injection
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Date: 2020-05-17 Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE:...
HP LinuxKI 6.01 Remote Command Injection
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Date: 2020-05-17 Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE:...
IBM Spectrum Protect Plus username Command Injection
The IBM Spectrum Protect Plus administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a login HTTP request. An unauthenticated, remote attacker can exploit this, via a specially...
D-Link DWL-2600 Authentication Remote Command Injection Vulnerability
The D-Link DWL-2600 is a wireless access point device. A security vulnerability exists in the D-Link DWL-2600. An attacker can exploit the vulnerability to inject arbitrary commands...
CVE-2020-10603
WebAccess/NMS versions prior to 3.0.2 does not properly sanitize user input and may allow an attacker to inject system commands remotely...
CVE-2020-10603
Advantech WebAccess/NMS prior to version 3.0.2 is vulnerable to CVE-2020-10603 (OS command injection) due to improper sanitization of user input, enabling remote command execution. ZDI notes exploitation via the ManualDBBackup endpoint filename parameter, potentially with authentication bypass; c...
DLINK DWL-2600 Authenticated Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLINK DWL-2600 Authenticated Remote Command Injection', 'Description' = %q Some DLINK Access Points are vulnerable to an authenticated OS command...
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploite...