9 matches found
CVE-2019-5170
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
Command injection
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...
CVE-2018-3963
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands...
CVE-2018-4020
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...
CVE-2017-12121
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...
Command injection
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...
CVE-2018-3836
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...
HomeFtp 1.1 (NLST) Denial of Service Vulnerability
Exploit for unknown platform in category dos / poc ================================================== HomeFtp 1.1 NLST Denial of Service Vulnerability ================================================== / HomeFtp v1.1 Denial of Service original advisory: http://kapda.ir/advisory-202.html...
Denial of Service vulnerability in GoodTech SMTP Server for Windows NT/2000/XP version 5.14
Summary: Denial of Service vulnerability in GoodTech SMTP Server for Windows NT/2000/XP version 5.14 http://www.goodtechsys.com/ Details: Input to the RCPT TO command is not properly checked and/or filtered. Issuing a single character 'A' as an argument to the RCTP TO command will cause the smtpd...