276 matches found
CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency CISA has published four Industrial Control Systems ICS advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that...
EUVD-2022-51947
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions...
CVE-2023-22598
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'. An unauthorized user with privileged access to the...
CVE-2022-44567
A command injection vulnerability exists in Rocket.Chat-Desktop 3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal, which may lead to remote code execution internalVideoChatWindow.tsL17. To exploit the vulnerability, the internal video...
CVE-2022-39265 Mail settings' command parameter injection in mybb
MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail function mailparameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution RCE. The...
PT-2022-1561 · D Link · Di-7200Gv2.E1
Name of the Vulnerable Software and Affected Versions: D-Link device DI-7200GV2.E1 version 21.04.09E1 Description: The issue is related to a command injection vulnerability in the usb paswd.asp function. This vulnerability allows attackers to execute arbitrary commands via the name parameter. The...
Exploit for OS Command Injection in Zeroshell
CVE-2019-12725 CVE-2019-12725: ZeroS...
CVE-2020-25506
D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the systemmgr.cgi component, which can lead to remote arbitrary code execution...
Exploit for OS Command Injection in Webmin
CVE-2019-12840POC PoC for Webmin Package Update Au...
OS Command Injection
vim is vulnerable to OS command injection. The :source! command in a modeline allows remote attackers to execute arbitrary OS commands...
MailCleaner Authenticated Command Injection
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. Recent assessments: jrobles-r7 at May 09, 2019 5:57pm UTC reported: Details The /admin/managetracing/search/search endpoint in MailCleaner Community Edition allo...
Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration isDHCP6_data Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...
Persistent Systems Client Automation - Command Injection Remote Code Execution (Metasploit)
Persistent Systems Client Automation - Command Injection Remote Code Execution Metasploit Exploit Title: Persistent Systems Client Automation PSCA, formerly HPCA or Radia Command Injection Remote Code Execution Vulnerability Date: 2014-10-01 Exploit Author: Ben Turner Vendor Homepage: Previosuly...
Easy FTP Pro 4.2 iOS - Command Injection
Easy FTP Pro 4.2 iOS - Command Injection Document Title: =============== Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1291 Release Date: ============= 2014-08-06 Vulnerability Laboratory ID VL-ID:...
GLSA-200803-06 : SWORD: Shell command injection
The remote host is affected by the vulnerability described in GLSA-200803-06 SWORD: Shell command injection Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the 'range' parameter before processing it. Impact : A remote attacker...
My_eGallery Module 3.1.1 - Remote File Inclusion Command Injection
source: https://www.securityfocus.com/bid/9113/info A problem has been identified in the handling of input by MyeGallery. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software. MyeGallery exploit Spawn bash style Shell with...