162 matches found
SYS.1.3.A14
The output of information about the operating system and access to log and configuration files SHOULD be restricted for users to the necessary extent. In addition, confidential information SHOULD NOT be passed as parameters in command invocations. Copyright C 202...
NCR Command Center Agent Operating System Command Injection Vulnerability
NCR Aloha Essentials is the mobile POS enabled hardware from NCR USA. It provides an end-to-end restaurant management platform. A security vulnerability exists in the CMCAgent in NCR Command Center Agent 16.3, which originates from allowing submission of the runCommand parameter in an XML document...
D-Link DIR-610 Remote Code Execution Vulnerability
The D-Link DIR-610 is a wireless router from AUO D-Link of Taiwan, China. A remote code execution vulnerability exists in the D-Link DIR-610, which arises from a failure of a network system or product to properly filter specific elements of externally entered data during the construction of a cod...
PT-2020-6844
Name of the Vulnerable Software and Affected Versions: D-Link DIR-610 devices (affected versions not specified). Description: The issue allows for Remote Command Execution via the cmd parameter to "command.php". This is due to the lack of measures to neutralize special elements used in the operating...
adb-driver injection vulnerability
adb-driver is a universal Android USB driver. An injection vulnerability exists in adb-driver. The vulnerability can be exploited to execute arbitrary commands with the help of the 'command' parameter...
VulnCheck KEV: CVE-2019-17270
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and the results returned to the client. Affects Yachtcontrol webservers...
Remote Code Execution (RCE)
node-df is vulnerable to remote code execution (RCE). The attack exists because it does not sanitize the user input before it is concatenated inside the command parameter for execution, allowing an attacker to inject malicious code through it...
CVE-2018-7852
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus...
PT-2019-11106
Name of the Vulnerable Software and Affected Versions: Modicon M580 (affected versions not specified), Modicon M340 (affected versions not specified), Modicon Quantum (affected versions not specified), Modicon Premium (affected versions not specified). Description: A denial of service issue exists due to an...
NEC Aterm W300P OS Command Injection Vulnerability (CNVD-2019-01103)
The NEC Aterm W300P is a wireless router from Nippon Electric (NEC). An operating system command injection vulnerability exists in the NEC Aterm W300P using firmware version 1.0.13 and earlier. The vulnerability can be exploited to execute arbitrary operating system commands with the help of the...
CVE-2018-0630
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter...
Path traversal Vulnerability in the review attachment resource - CVE-2017-16859
The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command...
Moxa EDR-810 Command Injection Vulnerability
The Moxa EDR-810 is an industrial security router with firewall/NAT/VPN and managed Layer 2 switch functionality. It is designed for Ethernet-based security applications in remote control or monitoring networks. A command injection vulnerability exists in the web server functionality of the Moxa...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2017-16602
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
ILIAS 5.2.4 - Cross-Site Scripting
Exploit Title: Cross Site Scripting in ILIAS CMS 5.2.3. Date: Apr 24, 2017. Software Link: https://www.ilias.de. Exploit Author: Florian Kunushevci. Contact: https://facebook.com/florianx00. CVE: CVE-2018-5688. Category: webapps. 1. Description: ILIAS before 5.2.4 has X...
The vulnerability of the Jakarta Multipart parser on the Apache Struts software platform allows attackers to execute arbitrary commands.
Vulnerability of the Jakarta Multipart parser on the Apache Struts software platform. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using an altered value of cmd=string in the specially crafted HTTP header Content-Type...
CVE-2016-8277
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter...
CVE-2016-5640
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATECOMMAND parameter...
MeshCMS Command Injection Vulnerability
MeshCMS is an online editing system developed in Java. The "exportCommand" parameter in the MeshCMS staticexport2.jsp file is vulnerable to command injection. The attacker is able to execute malicious commands...