3845 matches found
CVE-2017-6184
In Sophos Web Appliance (SWA) versions before 4.3.1.2, the reports-generation interface is vulnerable to remote command injection through the token parameter (aka NSWA-1303). The root cause is improper input handling/sanitization in the reporting path, allowing an authenticated or network-exposed...
CVE-2017-6184
In Sophos Web Appliance SWA before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303...
CVE-2017-6182
Affected product : Sophos Web Appliance (SWA) prior to version 4.3.1.2. Vulnerability : Remote command injection in the reporting UI, via functions related to report generation (NSWA-1304). Impact : Unauthenticated/remote attacker could inject commands through the reporting component; severity is...
CVE-2017-6183
In Sophos Web Appliance SWA before 4.3.1.2, a section of the machine's configuration utilities for adding and detecting Active Directory servers was vulnerable to remote command injection, aka NSWA-1314...
Logsign 4.4.24.4.137 - Remote Command Injection (Metasploit)
Logsign 4.4.24.4.137 - Remote Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command...
Logsign Remote Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command injection vulnerability in Logsign. By exploiting this...
Logsign Remote Command Injection
This module exploits a command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the root user. Logsign has a publicly accessible endpoint. That endpoint takes a user input and then use it during operating system command...
NetCommWireless Wireless Router Remote Command Injection Vulnerability
NetCommWireless Wireless Router is a wireless router from NetComm Australia. A security vulnerability exists in NetCommWireless Wireless Router that allows remote attackers to submit a special request to execute arbitrary commands in an application context...
CVE-2016-9682
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI /cgi-bin/diagnostics component responsible for emailing out information about the...
CVE-2016-9684
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI /cgi-bin/viewcert component responsible for processing SSL certificate information. The CGI...
Command injection
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI /cgi-bin/extensionsettings component responsible for handling some of the server's...
Command injection
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI /cgi-bin/diagnostics component responsible for emailing out information about the...
CVE-2016-9682
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI /cgi-bin/diagnostics component responsible for emailing out information about the...
CVE-2016-9684
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI /cgi-bin/viewcert component responsible for processing SSL certificate information. The CGI...
CVE-2016-9683
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI /cgi-bin/extensionsettings component responsible for handling some of the server's...
CVE-2016-9682
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI /cgi-bin/diagnostics component responsible for emailing out information about the...
CVE-2016-9683
The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI /cgi-bin/extensionsettings component responsible for handling some of the server's...
CVE-2016-9683
The CVE-2016-9683 issue affects Dell SonicWall Secure Remote Access Server (SRA) version 8.1.0.2-14sv, specifically the extensionsettings CGI (/cgi-bin/extensionsettings). The vulnerability stems from unsanitized handling of the scriptname parameter in a multi-part form, which is read before a ca...
CVE-2016-9682
The provided connected sources confirm CVE-2016-9682 affects SonicWall Secure Remote Access (SRA) 8.1.0.2-14sv. The vulnerabilities are remote command injections in the diagnostics CGI (/cgi-bin/diagnostics) used for emailing system state. Root cause: the application fails to properly escape data...
CVE-2016-9684
Dell SonicWALL Secure Remote Access (SRA) server, version 8.1.0.2-14sv, is vulnerable to a remote command injection in the web admin CGI at /cgi-bin/viewcert. The CGI does not properly escape the CERT input before a system() call, enabling an attacker to execute arbitrary shell commands and gain ...