Remote Command Injection Vulnerability in Riptide Networks NBR1300G-E&RG-EG2000CE-1T

Riptide Networks NBR1300G-E is a new generation gateway product. Riptide Networks RG-EG2000CE-1T is an SSL VPN device. A remote command injection vulnerability exists in Riptide Networks NBR1300G-E & RG-EG2000CE-1T. An attacker can send malicious code to realize remote command injection before...

Zoho ManageEngine Applications Manager Remote Code Execution Vulnerability (CNVD-2018-06478)

ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. A command injection vulnerability...

Multiple IoT Vendors – Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes three 3 vulnerabilities found in the following vendors: Lorex StarVedia Eminent Kraun The vulnerabilities found: Hard-coded credentials Remote command injection 2 It is possible to chain the vulnerabilities and to achieve unauthenticated...

USN-3571-1 erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. CVE-2014-1693 It was discovered that Erlang incorrectly checked CBC padding bytes. ...

RubyGems echor 'backplane.rb' remote command injection vulnerability

RubyGems echor is a Ruby-based Echo application developed by software developer Pedro Del Gallego. A remote command injection vulnerability exists in RubyGems echor, which stems from the program failing to adequately filter user-submitted input data. An attacker could use this vulnerability to...

Exploit for OS Command Injection in Atom Electron

CVE-2018-1000006-DEMO A demo version of CVE-2018-1000006...

CVE-2017-15637

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptpserver.lua file...

CVE-2017-15628

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpserver.lua file...

CVE-2017-15635

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the maxconn variable in the sessionlimits.lua file...

CVE-2017-15632

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpserver.lua file...

CVE-2017-15630

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptpclient.lua file...

CVE-2017-15615

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpclient.lua file...

CVE-2017-15616

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file...

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interfacewan.lua file...

CVE-2017-15623

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptpserver.lua file...

CVE-2017-15620

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmacimport.lua file...

TP-Link Remote Command Injection

Introduction: ================ The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link. These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files. If the attacker obtains the account a...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...