1033 matches found
Netgear DGN1000 Setup.cgi Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulneralbility in...
Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulneralbility in...
Netgear DGN1000 Setup.cgi Unauthenticated RCE
This module exploits an unauthenticated OS command execution vulneralbility in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2017-10813
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-10813
CVE-2017-10813 affects Corega CG-WLR300NM firmware 1.90 and earlier. The vulnerability is an OS command injection (OS Command Injection, CWE-78) that can be exploited via an attack vector available to users who can access the device’s administrative console, allowing arbitrary OS commands to be e...
CVE-2017-14135
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...
Design/Logic Flaw
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-10811
The CVE-2017-10811 entry affects Buffalo WCR-1166DS devices. Firmware versions 1.30 and earlier are vulnerable to an OS command injection (CWE-78) when an attacker with access to the device’s administrative console can trigger arbitrary OS commands. Root cause is an OS command injection flaw. Imp...
CVE-2017-2281
The CVE-2017-2281 entry affects the I-O DATA WN-AX1167GR wireless router. Firmware version 3.00 and earlier contains an OS command injection vulnerability that could allow an attacker with network access to execute arbitrary OS commands on the device via unspecified vectors. Affected product/vari...
CVE-2017-2281
WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-2275
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-2275
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-2237
The CVE-2017-2237 issue affects Toshiba Home gateway models HEM-GW16A and HEM-GW26A with firmware
CVE-2017-2185
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI...
CVE-2017-2185
CVE-2017-2185 affects HOME SPOT CUBE2 firmware v101 and earlier. The vulnerability is an OS command injection in the WebUI that allows an authenticated attacker to execute arbitrary OS commands. Root cause: improper handling of commands in the WebUI, enabling arbitrary command execution when mana...
CVE-2016-7819
CVE-2016-7819 affects I-O DATA TS-WRLP/TS-WRLA devices running firmware 1.01.02 or earlier. An attacker with administrator rights can execute arbitrary OS commands via unspecified vectors, with impact on confidentiality, integrity, and availability. The issue is mitigated by applying the vendor-p...
Command injection
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID...
CVE-2017-8768
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID...
Design/Logic Flaw
WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors...
CVE-2017-2128
The CVE-2017-2128 entry relates to the IPA’s Security guide for website operators, where loading specially crafted saved data can cause arbitrary OS command execution (CWE-78). Root cause is an issue in loading saved data that enables command execution; the affected component is the Security guid...