
459 matches found

OSV
added 2019/03/21 4:1 p.m. | 2 views

CVE-2019-7384

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below. The value of the fmgponloid parameter is used in a system call inside the boa binar...

CVSS 7.8 | AI score 6.1 | EPSS 0.00351
Exploits: 3 | References: 5

ATTACKERKB
added 2019/03/21 12:0 a.m. | 21 views

MailCleaner Authenticated Command Injection

www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details The /admin/managetracing/search/search endpoint in MailCleaner Community Edition allo...

CVSS 9 | AI score 5 | EPSS 0.7532
Exploits: 3 | References: 5

OSV
added 2019/03/05 9:29 p.m. | 2 views

CVE-2019-3920

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/deviceForm?script/...

CVSS 8.8 | AI score 7.3 | EPSS 0.10177
Exploits: 1 | References: 1

CVE
added 2019/03/05 9:0 p.m. | 53 views

CVE-2019-3920

CVE-2019-3920 affects Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19. The vulnerability is an authenticated command-injection flaw exploitable by a remote, authenticated attacker sending a crafted HTTP request to /GponForm/device_Form?script/. The core impact is authenticated remot...

CVSS 8.8 | AI score 8.7 | EPSS 0.10177
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/12/06 11:0 p.m. | 40 views

CVE-2018-19660

CVE-2018-19660 affects Moxa NPort W2x50A devices with firmware prior to 2.2 Build_18082311. The vulnerability resides in the web server functionality and stems from an authenticated OS command injection via a specially crafted HTTP POST to /goform/webSettingProfileSecurity, potentially allowing r...

CVSS 9 | AI score 8.5 | EPSS 0.02219
Exploits: 3 | References: 2 | Affected Software: 1

Cvelist
added 2018/12/06 11:0 p.m. | 24 views

CVE-2018-19660

An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user...

AI score 8.7 | EPSS 0.02219
Exploits: 3 | References: 2

0day.today
added 2018/12/04 12:0 a.m. | 46 views

NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit

Exploit for php platform in category web applications Exploit Title: NUUO NVRMini2 Authenticated Command Injection Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...

EPSS 0.43832
Exploits: 5

OpenVAS
added 2018/11/15 12:0 a.m. | 97 views

Nagios XI < 5.5.7 Multiple Vulnerabilities

Nagios XI is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagiosxi"; if description...

CVSS 9.8 | AI score 7.9 | EPSS 0.91344
Exploits: 15 | References: 2

OSV
added 2017/09/12 9:29 p.m. | 2 views

CVE-2017-1352

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538...

CVSS 5.5 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 3

CNVD
added 2017/06/30 12:0 a.m. | 2 views

Kaspersky Anti-Virus for Linux File Server Cross-Site Request Forgery Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A cross-site request forgery vulnerability exists in Kaspersky Anti-Virus for Linux File Server. This allows an attacker to submit authenticated reques...

CVSS 8.8 | AI score 6.6 | EPSS 0.01078
Exploits: 5 | References: 1

Japan Vulnerability Notes
added 2017/04/10 4:36 a.m. | 1 views

WN-G300R3 vulnerable to OS command injection

Overview WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

CVSS 9 | AI score 7.6 | EPSS 0.00484
Exploits: 0 | References: 5

Packet Storm
added 2017/02/01 12:0 a.m. | 61 views

TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection', 'Description' = %q TrueOnline is a major ISP in Thailan...

AI score 0.6
Exploits: 0

Positive Technologies
added 2016/10/11 12:0 a.m. | 3 views

PT-2025-41460

Name of the Vulnerable Software and Affected Versions AVTECH devices affected versions not specified Description AVTECH devices that include the CloudSetup.cgi management endpoint are susceptible to authenticated OS command injection. The exefile parameter within the ''CloudSetup.cgi'' endpoint i...

CVSS 9 | AI score 6.2 | EPSS 0.00367
Exploits: 0 | References: 11

NVD
added 2016/10/10 8:59 p.m. | 10 views

CVE-2016-1000216

Ruckus Wireless H500 web management interface authenticated command injection...

CVSS 9 | AI score 9 | EPSS 0.20214
Exploits: 1 | References: 4

Japan Vulnerability Notes
added 2016/01/15 4:57 a.m. | 1 views

acmailer vulnerable to OS command injection

Overview acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability CWE-78. Kazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

CVSS 9.1 | AI score 7.5 | EPSS 0.00703
Exploits: 0 | References: 5

securityvulns
added 2015/06/08 12:0 a.m. | 65 views

Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1....

CVSS 6.5 | AI score 6.1 | EPSS 0.08404
Exploits: 6

0day.today
added 2015/06/03 12:0 a.m. | 24 views

WordPress Xloner 3.1.2 XSS / Command Execution Vulnerabilities

WordPress Xloner plugin version 3.1.2 suffers from command execution and cross site scripting vulnerabilities. Title: Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Author: Larry W. Cashdollar, @larry0 Date: 2015-05-10 Download Site:...

AI score 7
Exploits: 0

seebug.org
added 2014/09/04 12:0 a.m. | 20 views

Wing FTP Server Authenticated Command Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::CmdStager include Msf::Exploit::Remote::HttpClient def...

AI score 7.1
Exploits: 0

Packet Storm
added 2012/06/27 12:0 a.m. | 56 views

Symantec Web Gateway 5.0.28 LFI / Code Execution

Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include: https://192.168.82.207/spywall/previewProxyError.php?err=../../../../../../../../etc/passwd File include and OS command...

CVSS 10 | AI score 6.4 | EPSS 0.89461
Exploits: 22