3846 matches found
Foscam camera remote command injection vulnerability
Foscam camera is a webcam that pushes messages to your phone and can also store video in Baidu cloud storage directly over Wi-Fi. Foscam camera has a remote command injection vulnerability in the modelName value in the /mnt/mtd/app/config/ProductConfig.xml file. By installing the ProductConfig.xml file in...
Sierra Wireless GX440 Command Injection Vulnerability
The Sierra Wireless GX440 is a gateway device from Sierra Wireless Canada. The Sierra Wireless GX440 suffers from a command injection vulnerability that can be exploited by a remote attacker to submit a special request and execute arbitrary commands...
NETGEAR Multiple Model PHP Remote Command Injection
The remote NETGEAR device is affected by a remote command injection vulnerability in multiple PHP scripts due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device. Note that...
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands...
CVE-2017-8051
CVE-2017-8051 affects Tenable Appliance 3.5–4.4.0 (and possibly earlier) via the simpleupload.py Web UI. The flaw allows arbitrary command execution by manipulating the tns_appliance_session_user parameter, enabling unauthenticated, remote code execution as described in multiple sources (e.g., Re...
Western Digital My Cloud Products Authentication Bypass and Multiple Remote Command Injection Vulnerabilities
Western Digital My Cloud Products are prone to an authentication bypass and multiple remote command injection vulnerabilities.
Textract Operating System Command Injection Vulnerability
textract is a Python library for extracting text content from various documents. An operating system command injection vulnerability exists in textract. A remote attacker can use this vulnerability to inject operating system commands by calling the process function from a filename...
QNAP QTS Remote Command Injection
QNAP QTS multiple RCE vulnerabilities. The latest version of this advisory is available at: https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt Overview: QNAP QTS firmware contains multiple Command Injection (CWE-77) vulnerabilities...
Sophos Web Appliance < 4.3.1.2 Multiple Vulnerabilities
According to its self-reported build number, the Sophos Web Appliance running on the remote host is prior to 4.3.1.2. It is, therefore, affected by the following vulnerabilities: - A remote command injection vulnerability exists due to a failure in certain functions to properly sanitize input upon...
Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-05238)
Sophos Web Appliance (SWA) is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in Sophos Web Appliance (SWA) versions prior to...
Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-05239)
Sophos Web Appliance (SWA) is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in Sophos Web Appliance (SWA) versions prior to...
CVE-2016-8779
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database...
Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-04889)
Sophos Web Appliance (SWA) is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in the interface for report generation in Sophos...
CVE-2017-6183
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding and detecting Active Directory servers was vulnerable to remote command injection, aka NSWA-1314...
CVE-2017-6182
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304...
CVE-2017-6184
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303...
Command injection
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304...