3852 matches found
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploite...
Draytek Vigor3900, Vigor2960 and Vigor300B Operating System Command Injection Vulnerability
DrayTek Vigor3900 and others are products of DrayTek Taiwan, China.DrayTek Vigor3900 is a broadband router/VPN gateway appliance.Vigor2960 is a load-balancing router and VPN gateway appliance.Vigor300B is a load-balancing router. A security vulnerability exists in the /cgi-bin/activate.cgi file i...
CVE-2020-10826
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...
EKAKIN Shihonkanri Plus GOOUT Operating System Command Injection Vulnerability
EKAKIN Shihonkanri Plus GOOUT is a CGI Common Gateway Interface from EKAKIN Japan. An operating system command injection vulnerability exists in EKAKIN Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10. A remote attacker could exploit this vulnerability to execute arbitrary operating system commands...
Keijiban Tsumiki Free CGI Operating System Command Injection Vulnerability
Keijiban Tsumiki Free CGI is a free CGI public gateway interface. An operating system command injection vulnerability exists in Keijiban Tsumiki v1.15. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands...
UCM6202 1.0.18.13 - Remote Command Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
UCM6202 1.0.18.13 Remote Command Injection
Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...
UCM6202 1.0.18.13 - Remote Command Injection
UCM6202 1.0.18.13 - Remote Command Injection Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
UCM6202 1.0.18.13 - Remote Command Injection
Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...
rConfig 3.9.4 - (search.crud.php) Remote Command Injection Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version:...
rConfig 3.9.4 Remote Command Injection
Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...
rConfig 3.9.4 - search.crud.php Remote Command Injection
rConfig 3.9.4 - search.crud.php Remote Command Injection Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link:...
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...
CVE-2019-19940
Incorrect input sanitation in text-oriented user interfaces telnet, ssh in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection...
Drobo 5N2 4.1.1 Remote Command Injection
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
Drobo 5N2 4.1.1 - Remote Command Injection Exploit
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
Drobo 5N2 4.1.1 - Remote Command Injection
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
Drobo 5N2 4.1.1 - Remote Command Injection
Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...
D-Link DIR-825 and TRENDnet TEW-632BRP Command Injection Vulnerability (CNVD-2020-16100)
The D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit LAN/WAN router.The TRENDnet TEW-632BRP is a 300Mbps wireless home router. A command injection vulnerability exists in the D-Link DIR-825 and TRENDnet TEW-632BRP. A remote attacker can exploit this vulnerability to execute arbitrary commands...
CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...