Calibre Web and Autocaliweb have OS Command Injection vulnerability

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection. This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...

CVE-2025-7404 Calibre Web 0.6.24 & Autocaliweb 0.7.0 - Blind C

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 Nicolette; Autocaliweb: from 0.7.0 before 0.7.1...

CVE-2024-36060

EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters...

CVE-2024-36060

CVE-2024-36060 affects EnGenius EnStation5-AC A8J-ENS500AC (version 1.0.0). The vulnerability is a blind OS command injection through shell metacharacters in the Ping and Speed Test parameters. CVSSv3.1 base score is 8.8 (HIGH) with adjacent access, no user interaction, and all impact metrics HIG...

CVE-2023-33272

CVE-2023-33272 affects DTS Monitoring 3.57.0. The vulnerability is an OS command injection (blind) in the Ping check function via the ip parameter. CVSS 3.1 base score 9.8 (CRITICAL) with NETWORK attack vector and no privileges required. Exploitation details are not provided in the available docu...

CVE-2020-12513

Pepperl+Fuchs Comtrol IO-Link Master Series is affected by CVE-2020-12513. Vulnerable versions include System 1.36 and Application 1.5.28 (and 1.5.48 and earlier per CVE listing) with an authenticated blind OS Command Injection. Fixed versions are System 1.52 and Application 1.6.11. The vulnerabi...

Mersive Solstice 2.8.0 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk...

Realtek SDK Miniigd UPnP SOAP Command Execution

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested successfully on a Trendnet TEW-731BR...

VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution', 'Description' = %q VMTurbo Operations Manager 4.6 and prior ar...

Linksys WRT54GL apply.cgi Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Linksys WRT54GL apply.cgi Command...

Linksys WRT54GL - 'apply.cgi' Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Linksys WRT54GL apply.cgi Command...

Linksys E1500/E2500 apply.cgi Remote Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Linksys E1500/E2500 apply.cgi Remote...