PYSEC-2019-148

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

CVE-2017-17835

CVE-2017-17835 affects Apache Airflow 1.8.2 and earlier. The vulnerability is described as a CSRF flaw that allowed remote command injection on a default Airflow install. The connected documents corroborate the CSRF/vector and the potential for command execution, but do not provide exploitation d...

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

AudioCode 400HD Remote Command Injection Vulnerability

Exploit for cgi platform in category web applications CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services,...

AudioCode 400HD Remote Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

Wifi-soft's Unibox Controllers Remote Command Injection Vulnerability (CNVD-2019-00771)

Wifi-soft's Unibox Controllers are fast-paced network controllers for all large and small venues. A remote code injection vulnerability exists in Wifi-soft's Unibox Controllers. An attacker can exploit the vulnerability to inject arbitrary code...

Wifi-soft's Unibox Controllers Remote Command Injection Vulnerability (CNVD-2019-00770)

Wifi-soft's Unibox Controllers are fast-paced network controllers for all large and small venues. A remote code injection vulnerability exists in Wifi-soft's Unibox Controllers. An attacker can exploit the vulnerability to inject arbitrary code...

FutureNet NXR-G240 Series ShellShock Command Injection Exploit

-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA for the great hel...

FutureNet NXR-G240 Series ShellShock Command Injection

-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Date: 2018-06-12 Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA...

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to an authenticated command injection via upgrade_handle.php, allowing OS command execution as root. Exploitation details and PoCs are present in multiple sources (PacketStorm, Exploit-DB; authenticated flow shown). The advisory recommends upgrading to ve...

CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

Legacy Server BMC Remote Command Injection

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users...

Command injection

The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...

CVE-2014-10075

The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...

CVE-2014-10075

CVE-2014-10075 affects the Ruby karo gem (v2.3.8) and enables Remote command injection via the host field. The flaw resides in db.rb where metacharacters are mishandled, allowing an attacker to execute arbitrary commands (examples show building and executing a shell command with unsanitized input...

WordPress Plainview Activity Monitor Plugin OS Command Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . Plainview Activity Monitor plugin is used in one of the website user activity monitoring plugin . An operating syst...