CVE-2020-22000

HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...

Subreddit Home Automation 操作系统命令注入漏洞

Subreddit Home Automation is an automation device for the Subreddit community. An automated electric light. A security vulnerability exists in Subreddit Home Automation 3.3.2, which stems from authenticated OS command execution in the custom command v0.1 plugin...

CVE-2021-22990

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface TMUI, also referred to as the...

CVE-2021-22987

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has an...

CVE-2021-29069

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...

CVE-2021-28143

/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute under System Tools...

CVE-2021-3317

KLog Server up to version 2.4.1 is affected by an authenticated command injection vulnerability. The issue arises in async.php, where the source parameter is passed to shell_exec() without proper input validation, allowing an attacker with valid credentials to execute arbitrary commands on the se...

CVE-2020-35794

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25...

CVE-2020-35792

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68...

HTTP Authenticated OS Command Injection (CVE-2020-17408; CVE-2020-24916; CVE-2020-25079; CVE-2020-3117; CVE-2020-7049)

A command injection vulnerability exists in web and application servers. Successful exploitation of this vulnerability could result in execution of arbitrary code on the target system...

VulnCheck KEV: CVE-2019-12991

Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance...

CVE-2020-12503

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT all versions and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to...

TP-Link Cloud Cameras NCXXX Bonjour Command Injection

TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250, NC260, NC450 are vulnerable to an authenticated command injection. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell...

CVE-2020-25079

An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddnsenc.cgi allows authenticated command injection...

CVE-2020-7116

CVE-2020-7116 affects Aruba Networks ClearPass Policy Manager WebUI. An attacker already authenticated to the administrative interface could perform an authenticated command remote execution, leading to remote code execution on the underlying OS. The vulnerability is addressed by fixes in version...

CVE-2020-7117

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...

CVE-2020-11766

sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection...

ManageEngine AssetExplorer Authenticated Command Execution

XL-2020-004 - Asset Explorer Windows & Linux - Authenticated Command Execution =============================================================================== Identifiers ------------------------------------------------- CVE-2019-19034 XL-20-004 CVSSv3 score...

TrixBox CE 2.8.0.4 Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TrixBox CE endpointdevicemap.php Authenticated Command Execution', 'Description' = %q This module exploits an authenticated OS command injection...