141 matches found
Exploit for CVE-2022-28590
CVE-2022-28590 The original discovery and manual PoC is from...
CVE-2021-44882
D-Link device DIR878FW1.30B08Hotfix02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...
Command injection
D-Link devices DIR878 DIR878FW1.30B08Hotfix02 and DIR882 DIR882FW1.30B06Hotfix02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...
CVE-2021-44880
D-Link devices DIR878 DIR878FW1.30B08Hotfix02 and DIR882 DIR882FW1.30B06Hotfix02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...
Command injection
Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...
Command injection
Command Injection in Tenda G0 routers with firmware versions v15.11.0.69039CN and v15.11.0.55876CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.179502CN or v15.11.0.169024CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This...
Command injection
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-27710
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
Command injection
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-27708
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
Exploit for Incorrect Calculation in Google Android
...
The vulnerability of the SPPA-T3000 distributed application server, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code.
The vulnerability of the distributed application server SPPA-T3000 is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially created objects to one of the functions of the system...
Access Control Error Vulnerability in Multiple ABB Products
ABB OPCServer for AC800M and others are products of ABB Switzerland.ABB OPCServer for AC800M is an OPC OLE for Process Control server for AC800M.Control Builder M Professional is a Compact Control Builder. MMSServer for AC800M is an MMS server for AC800M. An Access Control Error vulnerability...
Whatsapp 2.19.216 Remote Code Execution
Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinf...
CVE-2019-9117
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...
Command injection
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...
CVE-2019-9118
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...
CVE-2019-9117
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...
CVE-2019-7297
An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system...
EulerOS Virtualization 2.5.1 : sudo (EulerOS-SA-2018-1380)
According to the version of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen, or...