D-Link DNS-320 Remote Command Injection Vulnerability

The D-Link DNS-320 is a two-drive ShareCenter series NAS storage device. A remote command injection vulnerability exists in the loginmgr.cgi script in the D-Link DNS-320 2.05.B10 and earlier versions. A remote, unauthenticated attacker could exploit this vulnerability to access all application...

CVE-2019-16057

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection...

CVE-2019-16057

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection...

CVE-2019-16057

D-Link DNS-320 NAS (up to firmware 2.05.B10) is affected by a remote command injection in login_mgr.cgi, enabling remote code execution with root privileges. The vulnerability arises from improper handling of input in the login_mgr.cgi component, allowing an unauthenticated attacker to run arbitr...

CVE-2019-16057

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection...

CVE-2019-16057

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Citrix SD-WAN Center Unauthenticated Remote Command Injection

The remote Citrix SD-WAN Center is affected by a remote command injection vulnerability due to improper sanitization of user-supplied input in the ping action of DiagnosticController. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute arbitrary...

InduSoft Web Studio < v8.1 + SP3 Remote Command Injection Vulnerability

Binary data 701080.prm...

Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu

The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software. Security researchers confirmed The Hacker News that RingCentral, used by...

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

Command injection

DISPUTED Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any...

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

CVE-2018-14495

Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other...

CVE-2018-14495

CVE-2018-14495 concerns Vivotek FD8136 devices with a reported Remote Command Injection vulnerability. Connected sources (Red Hat CVEs RH:CVE-2018-14494 and RH:CVE-2018-14495) describe a related issue and indicate vendor disputes, noting that the vulnerability is contested and may not affect curr...

CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...

CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...

Command injection

DISPUTED Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivot...

CVE-2018-14494

Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardwa...

CVE-2018-14494

CVE-2018-14494 concerns Vivotek FD8136 devices and is described as a Remote Command Injection in evidence related to BusyBox and wget. The connected Red Hat and other entries reiterate this as a vulnerability affecting the FD8136, but the Red Hat notes also classify it as historical and not appli...