631 matches found

Veracode
added 2018/04/26 2:35 a.m., 20 views

Arbitrary Command Injection

tika-server is vulnerable to arbitrary command injection. When tika-server is open to untrusted clients, it allows attackers to insert arbitrary commands via the header...

CVSS 8.1 | AI score 8.4 | EPSS 0.93876
Exploits 10 | References 7 | Affected Software 1
Prion
added 2018/04/18 2:29 p.m., 14 views

Design/Logic Flaw

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD...

CVSS 7.5 | AI score 9.6 | EPSS 0.00311
Exploits 0 | References 2
OSV
added 2018/04/09 1:29 p.m., 0 views

CVE-2018-0556

Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...

CVSS 8.8 | AI score 6
Exploits 0 | References 2
Japan Vulnerability Notes
added 2018/03/29 12:0 a.m., 52 views

JVN#72589538: LXR vulnerable to OS command injection

LXR provided by LXR Project contains an OS command injection vulnerability (CWE-78). Impact: On a server where the product is running, a remote attacker may execute an arbitrary OS command. Solution: Update the Software. Update to the latest version according to the information provided by the...

CVSS 10 | AI score 9.7 | EPSS 0.0266
Exploits 0
Packet Storm
added 2018/03/29 12:0 a.m., 34 views

Exodus Wallet (ElectronJS Framework) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Exodus Wallet ElectronJS Framework remote Code Execution', 'Description' = %q This module exploits a Remote...

CVSS 9.3 | AI score 8.8 | EPSS 0.92322
Exploits 31
CNVD
added 2018/01/11 12:0 a.m., 2 views

TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-01908)

TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the olmode variable of the interfacewan.lua file ...

CVSS 9 | AI score 7.7 | EPSS 0.0139
Exploits 2 | References 1
CNVD
added 2017/12/19 12:0 a.m., 7 views

TP-Link TL-WVR and TL-WAR Arbitrary Command Execution Vulnerability

TP-Link TL-WVR and TL-WAR are both wireless router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link TL-WVR and TL-WAR. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending the admin/wportal command with shell metacharacter...

CVSS 9 | AI score 7.8 | EPSS 0.01277
Exploits 1 | References 1
OSV
added 2017/11/07 8:29 p.m., 1 views

UBUNTU-CVE-2017-16641

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the pathrrdtool parameter in an action=save request to settings.php...

CVSS 7.2 | AI score 7.4 | EPSS 0.0126
Exploits 1 | References 4
OpenVAS
added 2017/10/29 12:0 a.m., 24 views

Debian: Security Advisory (DSA-4010-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.2 | EPSS 0.00274
Exploits 11 | References 3
NVD
added 2017/10/03 1:29 a.m., 11 views

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

CVSS 10 | AI score 9.8 | EPSS 0.01586
Exploits 0 | References 2
OSV
added 2017/10/03 1:29 a.m., 1 views

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

CVSS 9.8 | AI score 6
Exploits 0 | References 2
Cvelist
added 2017/10/02 5:0 a.m., 14 views

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

AI score 9.9 | EPSS 0.01586
Exploits 0 | References 2
Japan Vulnerability Notes
added 2017/09/12 12:0 a.m., 55 views

JVN#68922465: Backdoor access issue in Wi-Fi STATION L-02F

Wi-Fi STATION L-02F provided by NTT DOCOMO, INC. contains a backdoor access issue. Impact: An unauthenticated remote attacker may access the device with the administrative privilege and perform an unintended operation. The reporter has conducted a test and confirmed that an attacker can log in to...

CVSS 10 | AI score 9.8 | EPSS 0.02639
Exploits 0
UbuntuCve
added 2017/08/10 6:0 p.m., 29 views

CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...

CVSS 9.8 | AI score 6.9 | EPSS 0.67275
Exploits 3 | References 4
NVD
added 2017/07/17 1:18 p.m., 13 views

CVE-2017-1182

IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to execute arbitrary commands on the system, when the default client-server communications, HTTP, are being used. IBM X-Force ID: 123493...

CVSS 7.5 | AI score 7.6 | EPSS 0.02544
Exploits 0 | References 3
OSV
added 2017/04/28 4:59 p.m., 2 views

CVE-2017-2141

WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors...

CVSS 7.2 | AI score 6
Exploits 0 | References 2
Saint
added 2017/04/28 12:0 a.m., 73 views

Windows DCE-RPC MIBEntryGet vulnerability (ErraticGopher)

Added: 04/28/2017. Background: Distributed Computing Environment - Remote Procedure Call (DCE-RPC) is the protocol used by Windows operating systems for calling program functions on remote targets. Problem: A memory corruption vulnerability in the DCE-RPC MIBEntryGet call could allow remote attackers ...

AI score 3.1
Exploits 0
OSV
added 2017/03/23 4:59 p.m., 0 views

CVE-2017-6361

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors...

CVSS 9.8 | AI score 6 | EPSS 0.90506
Exploits 5 | References 5
exploitpack
added 2017/02/15 12:0 a.m., 41 views

Geutebruck 5.02024 G-CamEFD-2250 - testaction.cgi Remote Command Execution (Metasploit)

Geutebruck 5.02024 G-CamEFD-2250 - testaction.cgi Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Geutebruck testaction.cgi Remote Command...

CVSS 10 | EPSS 0.84829
Exploits 4
0day.today
added 2017/01/24 12:0 a.m., 29 views

Cisco WebEx - nativeMessaging Arbitrary Remote Command Execution Vulnerability

Exploit for windows platform in category remote exploits Cisco's WebEx extension jlhmfgmfgeifomenelglieieghnjghma has 20M active users, and is part of Cisco's popular web conferencing software. The extension works on any URL that contains the magic pattern...

AI score 7.1
Exploits 0