408 matches found
Multiple Cisco Products OS Command Injection Vulnerabilities
The Cisco Small Business RV Series Routers is an RV series router from Cisco. An operating system command injection vulnerability exists in the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers, which can be exploited by an authenticated, remote attacker to inject arbitra...
LOGITEC CORPORATION LAN-W300N/PGRB Operating System Command Injection Vulnerability
LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...
TP-Link TL-WR840N OS Command Injection Vulnerability
The TP-LINK TL-WR840N is a wireless router with a channel count of 13 and VPN support. An OS command injection vulnerability exists in oaliptaddBridgeIsolationRules in TP-Link TL-WR840N 6EU0.9.14.16. The vulnerability stems from raw strings entered from the web interface being used to call system...
KLog Server OS Command Injection Vulnerability
KLog is ZhaoKaiQiang KLog individual developers of a logging tool for Android development . The tool's main functions are to print line numbers, function calls, Json parsing, XML parsing, click to jump, Log information saved and other functions. KLog Server 2.4.1 suffers from an OS command...
VulnCheck KEV: CVE-2018-13023
System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...
CVE-2020-11852
CVE-2020-11852 is a command-injection vulnerability in Micro Focus Secure Messaging Gateway (SMG) affecting the DKIM key management page. The issue allows a logged-in user with rights to generate DKIM key information to inject system commands into the DKIM system command call. Affected are SMG Ap...
PT-2020-15410 · Jenkins · Jenkins Selenium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Selenium Plugin versions 3.141.59 and earlier Description: The issue concerns a lack of CSRF protection for HTTP endpoints in the Jenkins Selenium Plugin, allowing attackers to perform administrative actions. Specifically, this enable...
NETGEAR D3600, D6000 and XR500 OS Command Injection Vulnerability (CNVD-2020-27256)
NETGEAR XR500 and others are products of NETGEAR Corporation.NETGEAR XR500 is a wireless router.NETGEAR D3600 is a wireless modem.NETGEAR D6000 is a wireless modem.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless...
CVE-2019-15708
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...
CVE-2019-15708
CVE-2019-15708 concerns a system command injection vulnerability in Fortinet FortiAP devices. Based on connected sources, affected products include FortiAP-S/W2 (versions 6.2.1, 6.2.0, 6.0.5 and below), FortiAP (6.0.5 and below), and FortiAP-U (below 6.0.0). The issue occurs in the CLI admin cons...
UBUNTU-CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...
CVE-2019-13652
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection issue 4 of 5...
Gemalto Ezio Server Operating System Command Injection Vulnerability
Gemalto Ezio Server is an authentication server from Gemalto USA. An operating system command injection vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to execute illegal operating system commands...
CVE-2018-14712
Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter...
Command injection
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "loadscript" URL parameter...
CVE-2018-14714
CVE-2018-14714 describes a system command injection in ASUS RT-AC3200 (firmware 3.0.0.4.382.50010) via the load_script parameter in appGet.cgi, allowing remote command execution. Multiple connected sources confirm the vulnerability in the ASUS RT-AC3200 and the load_script vector; Red Hat/NTBD ad...
CVE-2018-15722
The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...
CVE-2018-19007
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration in the Network Configuration panel is vulnerable to an OS system command injection as root...
Moxa NPort W2x50A Operating System Command Injection Vulnerability
Moxa NPort W2x50A is a Moxa serial communication server for connecting industrial serial devices to a network. An operating system command injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware prior to version 2.2 Build18082311. An attacker can...