1208 matches found
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
CVE-2018-13311
CVE-2018-13311 affects TOTOLINK A3002RU (firmware v1.0.8) in the formDlna component. An attacker can inject system commands via the sambaUser POST parameter, enabling remote code execution. Public references from NVD/CNVD describe a system command injection vulnerability with high severities (CVS...
CVE-2018-13311
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...
Webiness Inventory 2.9 Shell Upload
Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Date: 10/27/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName = $file'name'; 48 $fileTmp =...
CVE-2018-12670
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection...
NUUO NVRMini2 3.8 Buffer Overflow
Exploit Title: NUUO NVRMini2 3.8 - 'cgisystem' Buffer Overflow Enable Telnet Date: 2018-09-17 Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NRVMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2 Versions: 3.8.0 and below Tested Against: 03.07.0000.0011 a...
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Exploit Title: NUUO NVRMini2 3.8 - 'cgisystem' Buffer Overflow Enable Telnet Date: 2018-09-17 Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NRVMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2 Versions: 3.8.0 and below Tested Against: 03.07.0000.0011 a...
NUUO NVRMini2 3.8 - cgi_system Buffer Overflow (Enable Telnet)
NUUO NVRMini2 3.8 - cgisystem Buffer Overflow Enable Telnet Exploit Title: NUUO NVRMini2 3.8 - 'cgisystem' Buffer Overflow Enable Telnet Date: 2018-09-17 Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NRVMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2...
PT-2018-1554 · Nordvpn · Nordvpn
Name of the Vulnerable Software and Affected Versions: NordVPN version 6.14.28.0 Description: The issue is caused by the failure to neutralize special elements used in an operating system command. Exploitation of this issue can allow an attacker to execute arbitrary commands or code with SYSTEM...
Command Execution Vulnerability in Rice CMS
DAMI CMS (aka 3gcms) is a free, open-source integrated system for PC and mobile sites, dedicated to giving users a simple, fast way to build sites for PCs and smartphones. Rice CMS has a command execution vulnerability. Attackers can exploit the...
CVE-2018-3856
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...
CVE-2018-12942
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this...
CVE-2018-12941
SeedDMS is affected by a remote code execution/command injection vulnerability (CVE-2018-12941) prior to version 5.1.8. An authenticated user with Settings permissions can manipulate the Cache directory path (cacheDir) to inject arbitrary system commands via the Clear Cache workflow, enabling exe...
CVE-2018-12941
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to th...
MicroFocus Secure Messaging Gateway Remote Code Execution
This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...
CVE-2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability both on the server and on devices by sending malformed parameters in sensor or...
PT-2018-18954 · Paessler · Prtg Network Monitor
Name of the Vulnerable Software and Affected Versions: PRTG Network Monitor versions prior to 18.2.39 Description: An issue was discovered that allows an attacker with access to the PRTG System Administrator web console and administrative privileges to exploit an OS command injection vulnerabilit...
A vulnerability in the apply.cgi component of ASUS router firmware allows an attacker to execute arbitrary commands with root privileges.
The vulnerability in the apply.cgi component of ASUS router firmware is caused by a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the...