1885 matches found
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This modu...
jscover Command Injection Vulnerability
jscover is a JavaScript code test coverage tool. An injection vulnerability exists in jscover 1.0.0 and earlier versions, which stems from a lack of proper validation of user input data. A remote attacker can exploit the vulnerability to execute arbitrary commands with the help of the 'source'...
CVE-2020-7627
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...
CVE-2020-10826
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...
Cisco SD-WAN Solution vManage Command Injection Vulnerability
Cisco SD-WAN Solution is a set of network extension solutions from Cisco. vManage is a network management system. A command injection vulnerability exists in the Web UI in Cisco SD-WAN Solution vManage Release prior to 19.2.2, which stems from the Web UI failing to properly validate SQL values. A...
Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability
Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities. ======================================================================= title: Authenticated Command...
CVE-2019-5170
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
MGASA-2020-0082 Updated vim and neovim packages fix security vulnerability
Updated vim and neovim package fixes security vulnerability: It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the :source! command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands whe...
Command injection
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...
Cisco FXOS Software Command Injection (cisco-sa-20190306-nxos-cmdinj-1611)
According to its self-reported version, Cisco FXOS Software is affected by a command injection vulnerability due to insufficient validation of arguments passed to certain CLI commands. An authenticated, local attacker with valid administrator credentials can exploit this by including malicious...
Cisco FXOS Software Command Injection Vulnerability (CVE-2019-1779)
According to its self-reported version, Cisco FXOS Software is affected by the vulnerability that allows an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient...
CVE-2019-12690 Cisco Firepower Management Center Command Injection Vulnerability
A vulnerability in the web UI of the Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of...
Docker Command Injection Vulnerability
Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...
Command injection
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code...
ZTE ZXHN F670 Command Injection Vulnerability
The ZTE ZXHN F670 is a modem from China's ZTE Corporation ZTE. A command injection vulnerability exists in the ZTE ZXHN F670. An attacker can exploit this vulnerability to execute illegal commands...
Security Bulletin: IBM MQ Appliance is affected by a command injection vulnerability (CVE-2019-4294)
Summary IBM MQ Appliance has addressed the following command injection vulnerability. Vulnerability Details CVEID: CVE-2019-4294 DESCRIPTION: IBM DataPower and IBM MQ Appliance could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability...
PT-2025-26462
Name of the Vulnerable Software and Affected Versions sar2html versions 3.2.2 and prior Description An OS command injection vulnerability exists due to insufficient input validation when processing the plot parameter in the index.php file. Remote, unauthenticated attackers can inject shell comman...
Xymon useradm Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon useradm Command Execution', 'Description' = %q This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which...
TRENDnet TEW-827DRU Command Injection Vulnerability (CNVD-2019-21269)
The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...