856 matches found
CVE-2019-3412
CVE-2019-3412 affects ZTE MF920 devices (BD_R218V2.4 and earlier). The root cause is that certain interfaces do not adequately validate parameters, enabling arbitrary command execution via those interfaces. Public documents consistently describe a pre-existing command-execution vulnerability in M...
Command Execution Vulnerability in DM Enterprise Website System
The DM enterprise website building system is an open source CMS, developed with PHP + MySQL, that specializes in website construction for small and medium-sized enterprises. The DM enterprise website building system has a command execution vulnerability; attackers can use the vulnerability to obtain server privilege...
HARMAN AMX MVP5150 Command Execution Vulnerability
The Harman AMX MVP5150 is an audio and video system device. A command injection vulnerability exists in the Harman AMX MVP5150 v2.87.13 device, which allows an attacker to perform remote operating system command injection...
PHP-Fusion 9.03.00 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...
Kingsoft PDF PC client software has a command execution vulnerability
Kingsoft PDF is a tool from Kingsoft Office Software Limited for reading and processing PDF files. The Kingsoft PDF PC client software has command execution vulnerabilities; the PC client can allow an attacker to inject executable DLL files into the client process, the...
SUSE-SU-2019:0838-1 Security update for bash
This update for bash fixes the following issues: Security issue fixed: - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASH_CMDS allowing the user to execute any command with the permissions of the shell (bsc#1130324)...
Command execution vulnerability in Philips Smart Wireless Speaker web service formUpgradeURL web interface
The Philips Smart Wireless Speaker is an AI-based music player that can be connected to the internet. A command execution vulnerability exists in the Philips Smart Wireless Speaker web service formUpgradeURL web interface, which can be exploited by an attacker to execute commands...
Command Execution Vulnerability in NetShow Sino-British Enterprise Website System v5.6
WebShow Sino-British Enterprise Website System is a simple and easy-to-use website management system developed by WebTech. A command execution vulnerability exists in Nethub Sino-British Enterprise Website System v5.6, which can be exploited by attackers to execute system commands...
Command Execution Vulnerability in YFCMF
YFCMF is a backend content management framework using ThinkPHP 5.1. + foreign ACE 1.40 UI template. YFCMF has a command execution vulnerability that can be exploited by attackers to gain control of the web server...
Routers prone to vulnerabilities, new Mirai variant strikes - vulnerability warning - the black bar safety net
I. Foreword. Recently, the "listen to the wind" threat perception platform of Tencent Security Cloud Ding lab detected a worm that attacks routers. Analysis found that this worm is a new variant of the Mirai virus and, compared with earlier Mirai viruses, the worms not only by the early generation of mira...
Command Execution Vulnerability in ThinkLC Backend
ThinkLC is a classified information system developed by SaxueCMS. A command execution vulnerability exists in the backend of ThinkLC, which can be exploited by an attacker to upload a Trojan horse file at the upload template in the backend and gain control of the web server...
Opsview Monitor Command Execution Vulnerability (CNVD-2018-17452)
Opsview Monitor is a virtual appliance designed to be deployed in an organization's network infrastructure. It is bundled with a Web management console for monitoring and managing hosts and their services. Opsview Monitor has a command execution vulnerability that allows an attacker to gain acces...
Command execution vulnerability in Fusion K2 router at lanset settings page
The Fusion K2 PSG1218 router is a must-have new generation wireless router for entry-level users. The Fusion K2 router suffers from a command execution vulnerability at the lanset settings page. The vulnerability is due to the backend code failing to properly filter user input ipaddr, which can b...
Command Execution Vulnerability in HP LaserJet Professional P1600 Series Printers
HP LaserJet Professional P1600 is a printer series developed by Hewlett-Packard. A command execution vulnerability exists in the HP LaserJet Professional P1600 series of printers. An attacker could exploit the vulnerability to execute commands and gain server privileges...
s2-016 Command Execution Vulnerability in Skywalker Secure One-Way Import System
Tianxing Security One-way Import System is a network security product of Beijing Tianxing Net Security Information Technology Co., Ltd. for one-way data transmission across security domains. The product consists of importing preamplifier PAS and importing server IAS, which can provide a...
Arbitrary Command Execution
topydo is vulnerable to arbitrary command execution attacks. The library does not sanitize any of the TODO texts that are passed to the command line, allowing a malicious user to pass arbitrary bytes to the command line by prepending the bytes with the \ character...
Command Execution Vulnerability in Panelized Wireless Router OOK-AP121 at Wenzhou Dongkun Technology Co.
Wenzhou Dongkun Technology Co., Ltd. is a high-tech enterprise that integrates design, research and development, and production, with Internet of Things and home LAN wireless communication products and technology at its core, and is committed to the Internet of things home intelligence, information technology...
Command Execution Vulnerabilities in Cicada Knowledge Enterprise Portal System V7.0.1 Backend Templates
Cicada Knowledge Enterprise Portal System is an open source and free enterprise portal system. A command execution vulnerability exists in the backend templates of Cicada Knowledge Enterprise Portal System V7.0.1. An attacker can exploit the vulnerability to gain server privileges...
SUSE-SU-2018:1130-1 Security update for corosync
This update for corosync provides the following fixes: - CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3 could lead to command execution (bsc#1089346) - Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585) - Fix a problem that was causing corosync memory to...
Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Exodus Wallet ElectronJS Framework remote Code Execution', 'Description' = %q This module exploits a Remote...