OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

EUVD-2006-6847

Malware in sbrugna...

EUVD-2012-1063

Malware in sbrugna...

EUVD-2018-12890

Malware in sbrugna...

EUVD-2012-1062

Malware in sbrugna...

CVE-2012-1025

Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter...

CVE-2021-21266 XXE vulnerability in OpenHAB

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

Code injection

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...

CVE-2018-20332

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...

CVE-2018-20332

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...

CVE-2018-20332

CVE-2018-20332 affects the OpenWebif plugin (versions up to 1.2.4) on Enigma2-based devices. The issue enables reading of arbitrary files and listing of arbitrary directories via /file?action=download&file=... and /file?action=download&dir=..., related to plugin/controllers/file.py in the e2openp...

CVE-2018-20332

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...

CVE-2017-14135

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...

CVE-2017-14135

enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...

CVE-2017-14135

Summary: CVE-2017-14135 affects OpenDreambox 2.0.0, specifically the webadmin plugin’s Script.py in enigma2-plugins. The vulnerability allows remote code execution via shell metacharacters in the command parameter to the /script URI, enabling an attacker to run arbitrary OS commands on the target...

Enigma2 Webinterface 1.7.x 1.6.x 1.5.x (linux) Remote File Disclosure

No description provided by source. !/usr/bin/perl Enigma2 Webinterface 1.7.x 1.6.x 1.5.x remote root file disclosure exploit Author: Todor Donev Email me: todor.donev@@gmail.com Platform: Linux Type: remote Gewgle Dork: Enigma2 movielist filetype:rss Enigma2 is a framebuffer-based zapping...

CVE-2012-1025

Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter...

CVE-2012-1024

Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

Path traversal

Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter...

Directory traversal

Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...