CVE-2013-7380

The Etherpad Lite ep_imageconvert Plugin for Etherpad Lite is affected by a Remote Command Injection vulnerability. Affected: ep_imageconvert

CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...

Cisco Webex Video Mesh Software CVE-2019-16005 Remote Command Injection Vulnerability

Description Cisco Webex Video Mesh Software is prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug ID...

D-Link DGS-1510 Command Injection Vulnerability

The D-Link DGS-1510 is a DGS-1510 series switch from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DGS-1510 using firmware versions 1.20.011, 1.30.007, and 1.31.B003 and earlier. A remote attacker can exploit the vulnerability to inject malicious scripts and execute...

DLINK DWL-2600 Authenticated Remote Command Injection

Some DLINK Access Points are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLIN...

Citrix SD-WAN Center trace_route Unauthenticated Remote Command Injection

The remote Citrix SD-WAN Center is affected by a remote command injection vulnerability due to improper sanitization of user-supplied input in the traceroute action of DiagnosticController. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute...

Petwant PF-103 and Petalk AI OS Command Injection Vulnerabilities

Petwant PF-103 is an automated pet feeder from Petwant Pet Products China.Petalk AI is an automated pet feeder with monitoring function. An operating system command injection vulnerability exists in the 'processCommandUploadLog' function of the libcommon.so file in the Petwant PF-103 and Petalk A...

VulnCheck KEV: CVE-2019-18396

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OIFwV20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mntping.cgi. NOTE: This...

Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root

!/bin/bash Inim Electronics SmartLiving SmartLAN/G/SI =6.x Root Remote Command Execution Vendor: INIM Electronics s.r.l. Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Affected version: =6.x Affected...

Inim Electronics SmartLiving SmartLAN/G/SI <=6.x Root Remote Command Execution

Summary SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...

D-Link DNS-320 Remote Command Injection Vulnerability - Active Check

The D-Link DNS-320 NAS-device is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

Computrols CBAS-Web 19.0.0 Command Injection

!/usr/bin/env python ''' Computrols CBAS-Web Unauthenticated Remote Command Injection Exploit Affected versions: 19.0.0 and below by Sipke Mellema, 2019 Advisory: https://applied-risk.com/resources/ar-2019-009 Paper: https://applied-risk.com/resources/i-own-your-building-management-system Uses tw...

CBAS-Web 19.0.0 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0...

Cisco Small Business RV Series Routers CVE-2019-15957 Remote Command Injection Vulnerability

Description Cisco Small Business RV Series Routers are prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug IDs...

Citrix SD-WAN Center and NetScaler SD-WAN Center addModifyZTDProxy Unauthenticated Remote Command Injection

The remote Citrix SD-WAN Center or NetScaler SD-WAN Center is affected by a remote command injection vulnerability due to improper sanitization of user-supplied input in the addModifyZTDProxy action of NmsController. An unauthenticated, remote attacker can exploit this, via a specially crafted HT...

Remote Command Injection in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. Ref: CVE-2019-1584 This vulnerability can on...

Remote Command Injection in Zingbox Inspector

A security vulnerability exists in Zingbox Inspector that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint. Ref: CVE-2019-1584 This vulnerability can on...

Palo Alto Networks Zingbox Inspector CVE-2019-15020 Remote Command Injection Vulnerability

Description Palo Alto Networks Zingbox Inspector is prone to a remote command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands on the affected system. Versions prior to Zingbox Inspector 1.294 are vulnerable. Technologies Affected Paloaltonetworks Zingbox...

Multiple D-Link Products CVE-2019-16920 Remote Command Injection Vulnerability

Description Multiple D-Link products are prone to a command-injection vulnerability. Exploiting this issue could allow an attacker to execute arbitrary commands in the context of the affected device. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected...

D-Link DNS-320 Remote Command Injection Vulnerability

The D-Link DNS-320 NAS-device is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...