CVE-2019-15800

An issue was discovered on Zyxel GS1900 devices with firmware before 2.50AAHH.0C0. Due to lack of input validation in the cmdsystracerouteexec, cmdsysarpclear, and cmdsyspingexec functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call...

CVE-2019-15348

The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

Input validation

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...

CVE-2019-15389

The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service named...

CVE-2019-15388

CVE-2019-15388 affects Coolpad 1851 devices with Android 8.1.0 where a pre-installed platform app com.lovelyfont.defcontainer exposes an exported service FontCoverService that accepts arbitrary commands and runs them as the system user. The attack requires no privileges and can be triggered by a ...

CVE-2019-15351

The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

Lovecraft Universal Player suffers from dll hijacking vulnerability

Aqiyi Universal Player is a mainstream video and audio player developed by Aqiyi official independent research and development, supporting most of the mainstream media formats. There is a dll hijacking vulnerability in Aqiyi Universal Player, which can be exploited by an attacker to execute...

Technicolor TD5130.2 - Remote Command Execution

Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POST /mntping.cgi HTTP/1.1 Host: HOST User-Agent:...

CVE-2010-3438

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server...

CVE-2018-18819

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 7.3.0.601 and earlier, and 8.0 8.0.0.40 through 8.0 SP2 FP2 8.0.2.202, and MiVoice Business Express versions 7.3 PR3 7.3.1.302 and earlier, and 8.0 8.0.0.40 through 8.0 SP2 FP1 8.0.2.202, could allow creation of...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)

eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link:...

Linear eMerge E3 Access Controller Command Injection

Nortek Linear eMerge E3 Unauthenticated Remote Root Code Execution Metasploit by Gjoko 'LiquidWorm' Krstic Affected version: 'Linear eMerge E3 Access Controller Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller...

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability ...

cpio input validation error vulnerability

cpio is a file backup program and file format for UNIX-like systems. An input validation error vulnerability exists in cpio. The vulnerability originates from a network system or product that does not properly validate input data. A remote attacker can exploit this vulnerability by sending a...

CVE-2019-8109

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution...

CVE-2019-8109

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution...

Trend Micro Apex One Command Injection Vulnerability

Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. A command injection vulnerability exists in Trend Micro Apex One, which can be exploited by an attacker to execute an illegal command if a...

The vulnerability of the system administration program Sudo arises due to insufficient validation of input data. It allows arbitrary commands to be executed with root privileges.

The vulnerability of the system administration program Sudo exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges, using the user ID “-1” or “4294967295”...

[ASA-201910-13] pacman: arbitrary command execution

Arch Linux Security Advisory ASA-201910-13 ========================================== Severity: High Date : 2019-10-23 CVE-ID : CVE-2019-18182 CVE-2019-18183 Package : pacman Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1049 Summary ======= The package...

CVE-2019-13411

An “invalid command” handler issue was discovered in HiNet GPON firmware I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H...