
171 matches found

CNVD
added 2020/01/07 12:00 a.m. · 1 view

rConfig Remote Code Execution Vulnerability

rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig version 3.9.3, which originates from the program passing the 'path' parameter directly to the 'exec' function without filtering it. The vulnerability can be exploited by a remote...

CVSS 9 · AI score 7.3 · EPSS 0.91901
Exploits: 13 · References: 1

Prion
added 2020/01/06 8:15 p.m. · 25 views

Command injection

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

CVSS 9 · AI score 8.2 · EPSS 0.91901
Exploits: 13 · References: 6 · Affected Software: 1

Cvelist
added 2020/01/06 7:27 p.m. · 14 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

AI score 8.8 · EPSS 0.91901
Exploits: 13 · References: 6

NVD
added 2019/10/28 12:15 p.m. · 12 views

CVE-2019-16663

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution...

CVSS 9 · AI score 8.9 · EPSS 0.94066
Exploits: 10 · References: 5

Prion
added 2019/10/28 12:15 p.m. · 13 views

Command injection

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...

CVSS 10 · AI score 9.6 · EPSS 0.94461
Exploits: 11 · References: 7 · Affected Software: 1

Veracode
added 2018/07/23 8:41 a.m. · 12 views

Command Injection

entitlements is vulnerable to command injection attacks. The application does not properly sanitize user input, allowing a malicious user to pass arbitrary shell commands through the exec function...

AI score 7.6
Exploits: 0

OSV
added 2018/07/10 12:29 p.m. · 1 view

UBUNTU-CVE-2018-13797

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...

CVSS 9.8 · AI score 7.4 · EPSS 0.11295
Exploits: 1 · References: 7

Packet Storm
added 2018/01/18 12:00 a.m. · 40 views

GitStack 2.3.10 Remote Code Execution

Exploit: GitStack 2.3.10 Unauthenticated Remote Code Execution. Date: 18.01.2018. Software Link: https://gitstack.com/. Exploit Author: Kacper Szurek. Contact: https://twitter.com/KacperSzurek. Website: https://security.szurek.pl/. Category: remote. 1. Description: $_SERVER['PHP_AUTH_PW'] is directly passed t...

AI score 0.1
Exploits: 0

Hacker One
added 2018/01/02 3:30 a.m. · 42 views

ownCloud: OS Command Injection via tainted PATH environment variable in findBinaryPath

The PATH environment variable passed to the find command in owncloud/core/blob/master/lib/private/legacy/helper.php on line 543 is not sanitized for input. If an adversary is able to taint the PATH environment variable, OS command execution is possible utilizing the find command's execute -exe...

AI score 7.2
Exploits: 0

Cvelist
added 2017/12/14 4:00 p.m. · 12 views

CVE-2017-17533

default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the attack cannot occur because of th...

AI score 8.5 · EPSS 0.00704
Exploits: 0 · References: 1

Hacker One
added 2017/07/16 11:58 a.m. · 40 views

ExpressionEngine: Image lib - unescaped file path

Under ./system/ee/legacy/libraries/Imagelib.php there are functions from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: imageprocessimagemagick and imageprocessnetpbm. In both cases the fullsrcpath and fulldstpath are given...

AI score 0.8
Exploits: 0

Hacker One
added 2017/05/08 2:12 p.m. · 34 views

Nextcloud: Nextcloud Server Remote Command Execution

Hi NextCloud Security Team, I found a critical vulnerability RCE: Nextcloud Server 11.0.2 is affected by a critical vulnerability, which gives the attacker complete permission to run a system command. The root cause is insufficient validation of arguments to the exec function. Vulnerable Code...

AI score 1.1
Exploits: 0

Veracode
added 2017/05/02 11:04 a.m. · 23 views

Remote Code Execution (RCE)

growl is vulnerable to remote code execution (RCE). A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the exec function...

CVSS 9.8 · AI score 9.8 · EPSS 0.00349
Exploits: 0 · References: 6 · Affected Software: 1

seebug.org
added 2015/10/10 12:00 a.m. · 44 views

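PfSense command injection vulnerability

Vulnerability overview: This vulnerability, numbered CVE-2014-4688, exists in PfSense 2.1.3 and earlier versions. It arises because the PHP code does not strictly validate user-supplied input, so malicious input that reaches a command execution function has serious consequences. Three script files are affected: diagdns.php, diagsmart.php and statusrrdgraphimg.php. Vulnerability analysis: In diagdns.php, the host value submitted by the user is processed and then passed into the dig variable for execution. An attacker can execute arbitrary commands by crafting the host value...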

CVSS 6.5 · AI score 6.5 · EPSS 0.01751
Exploits: 5

Packet Storm
added 2013/06/22 12:00 a.m. · 53 views

HP System Management Homepage JustGetSNMPQueue Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "HP System...

CVSS 9 · AI score 0.3 · EPSS 0.46318
Exploits: 12

0day.today
added 2013/06/22 12:00 a.m. · 88 views

HP System Management Homepage JustGetSNMPQueue Command Injection

This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue found in ginkgosnmp.inc, which will be used in an exec function. This results in...

CVSS 9 · AI score 7.2 · EPSS 0.46318
Exploits: 12

Positive Technologies
added 2012/09/18 12:00 a.m. · 1 view

PT-2012-1236 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 9 Description: A use-after-free issue in the CMshtmlEd::Exec function in mshtml.dll allows remote attackers to execute arbitrary code via a crafted web site. This issue has been exploited in the...

CVSS 10 · AI score 7.6 · EPSS 0.91777
Exploits: 8 · References: 22

0day.today
added 2012/06/12 12:00 a.m. · 30 views

Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

AI score 7.1 · EPSS 0.89461
Exploits: 22

Metasploit
added 2012/06/10 8:38 p.m. · 15 views

Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection

This module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec function. This module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication. This module requires Metasploit:...

CVSS 10 · AI score 0.8 · EPSS 0.89461
Exploits: 22

myhack58
added 2011/04/26 12:00 a.m. · 23 views

PHP code execution vulnerability references summary - vulnerability warning - the black bar safety net

Code execution functions: PHP functions that can execute code, such as eval, assert, system, exec, shell_exec, passthru, escapeshellcmd, pcntl_exec, etc. Demo code 1.1: The second file contains the code injection. The file containing the function in the specific...

Exploits: 0