Lucene search
K

457 matches found

CVE
CVE
added 2021/07/20 6:45 p.m.52 views

CVE-2020-25206

CVE-2020-25206 affects Mimosa B5/B5c/C5x firmware up to 2.8.0.2. The web console exposes authenticated command injection in Throughput.php, WANStats.php, PhyStats.php, and QosStats.php endpoints, enabling an attacker with web-console access to execute OS commands and take full control of the devi...

9CVSS7.3AI score0.05312EPSS
Exploits1References3Affected Software1
Metasploit
Metasploit
added 2021/05/04 5:41 p.m.84 views

GravCMS Remote Command Execution

This module exploits arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify...

9.8CVSS9.4AI score0.80467EPSS
Exploits12
0day.today
0day.today
added 2021/05/04 12:0 a.m.79 views

GravCMS 1.10.7 Remote Command Execution Exploit

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and...

9.8CVSS0.3AI score0.80467EPSS
Exploits12
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.6 views

China Mobile An Lianbao WF-1 router 操作系统命令注入漏洞

China Mobile An Lianbao WF-1 router is a router from China Mobile China. China Mobile An Lianbao WF-1 router 1.0.1 suffers from an operating system command injection vulnerability, which originates in the api/ZRFirmware/settimezone set time zone interface, that can be exploited by remote attacker...

9.8CVSS8.9AI score0.0327EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.321 views

GravCMS 1.10.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

0.4AI score0.80467EPSS
Exploits12
Cvelist
Cvelist
added 2021/04/07 6:20 p.m.40 views

CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...

9.3CVSS9.7AI score0.80467EPSS
Exploits12References4
OSV
OSV
added 2021/02/16 9:15 p.m.4 views

CVE-2021-27102

Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later...

7.8CVSS7.5AI score0.03654EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.5 views

Accellion FTA 操作系统命令注入漏洞

Accellion File Transfer Appliance FTA is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912411 and earlier versions. The vulnerability can be exploited to execute...

7.8CVSS7.5AI score0.03654EPSS
Exploits0References3
OSV
OSV
added 2021/02/15 1:15 p.m.3 views

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

8.8CVSS7.3AI score0.71737EPSS
Exploits8References7
CNNVD
CNNVD
added 2021/02/15 12:0 a.m.3 views

Nagios XI 安全漏洞

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php in Nagio...

9CVSS7.3AI score0.71737EPSS
Exploits7References8
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.9 views

DELL EMC PowerScale 操作系统命令注入漏洞

Dell EMC PowerScale OneFS is an API-powered file system. An OS command injection vulnerability exists in Dell EMC PowerScale OneFS 8.1.0 - 9.1.0. An attacker with the ISIPRIVCLUSTER privilege could exploit this vulnerability to execute arbitrary OS commands on the underlying OS of an application...

7.8CVSS6AI score0.0048EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.5 views

Multiple Cisco Products OS Command Injection Vulnerabilities

The Cisco Small Business RV Series Routers is an RV series router from Cisco. An operating system command injection vulnerability exists in the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers, which can be exploited by an authenticated, remote attacker to inject arbitra...

9CVSS6AI score0.02975EPSS
Exploits0References2
CNVD
CNVD
added 2021/02/01 12:0 a.m.17 views

LOGITEC CORPORATION LAN-W300N/PGRB Operating System Command Injection Vulnerability

LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...

7.7CVSS7.1AI score0.00445EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/27 9:31 a.m.3 views

OS command injection vulnerability in multiple Infoscience Corporation log management tools

Overview Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...

9CVSS7.1AI score0.02156EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/12/27 12:0 a.m.8 views

KLog Server OS Command Injection Vulnerability

KLog is ZhaoKaiQiang KLog individual developers of a logging tool for Android development . The tool's main functions are to print line numbers, function calls, Json parsing, XML parsing, click to jump, Log information saved and other functions. KLog Server 2.4.1 suffers from an OS command...

10CVSS7.3AI score0.87987EPSS
Exploits8References10
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.7 views

The vulnerability of the Ansible configuration management system lies in its lack of mechanisms to neutralize special elements used in operating system commands. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the Ansible configuration management system is related to the lack of measures to neutralize special elements used in the OS command. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

7.4CVSS6.9AI score0.00444EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2020/08/06 4:15 p.m.22 views

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

8.8CVSS8.6AI score0.03778EPSS
Exploits5References2
Cvelist
Cvelist
added 2020/08/06 3:45 p.m.28 views

CVE-2020-7352 GOG Galaxy GalaxyClientService Privilege Escalation

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

8.4CVSS8.8AI score0.03778EPSS
Exploits5References2
CNVD
CNVD
added 2020/06/04 12:0 a.m.3 views

IBM Security Guardium OS Command Injection Vulnerability (CNVD-2020-32648)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an operating system command injecti...

9CVSS8AI score0.03013EPSS
Exploits0References1
CNVD
CNVD
added 2020/03/12 12:0 a.m.3 views

WAGO PFC200 OS Command Injection Vulnerability (CNVD-2020-19519)

The WAGO PFC200 is a programmable logic controller PLC from WAGO Germany. The WAGO PFC200 suffers from an operating system command injection vulnerability that can be exploited by an attacker to inject operating system commands into the value of the TimeoutPrepared parameter contained in the...

7.2CVSS7.8AI score0.04179EPSS
Exploits1References1
Rows per page
Query Builder