CVE-2020-2014

CVE-2020-2014 : PAN-OS contains an OS command injection vulnerability in the management server. Authenticated users can inject and execute arbitrary shell commands with root privileges. Affected: PAN-OS 7.1 and 8.0; PAN-OS 8.1 before 8.1.14; PAN-OS 9.0 before 9.0.7. References indicate a fix/patc...

PAN-OS: OS injection vulnerability in PAN-OS management server

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...

Command Injection

radare2 is vulnerable to command injection. A command injection vulnerability exists in the function binsymbols in libr/core/cbin.c. An attacker is able to execute arbitrary shell commands using a malicious executable file due to improper handling of symbol names embedded in executables...

Improper access control

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface...

CVE-2020-5868

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface...

CVE-2019-20773

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...

CVE-2019-20773

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...

Command injection

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...

CVE-2019-20773

CVE-2019-20773 affects LG mobile devices running Android OS 7.x–9.0; the issue allows unprivileged applications to execute shell commands via the connectivity service. Root cause is not detailed in the provided documents; no exploit specifics or remediation are described in the connected sources....

Dynamics Business Central Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim's server. To exploit the vulnerability, an authenticated attacker needs to convince the victim into conne...

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

Design/Logic Flaw

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution

Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...

PHP: Multiple vulnerabilities

Background PHP is an open source general-purpose scripting language that is especially suited for web development. Description Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact An attacker could possibly execute arbitrary...

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

Sql injection

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...

CVE-2020-5722

The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...