Robustel R1510 web_server ajax endpoints OS command injection vulnerabilities
Summary: Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionality of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...
JVN#41017328: HOME SPOT CUBE2 vulnerable to OS command injection
HOME SPOT CUBE2 provided by KDDI CORPORATION contains an OS command injection vulnerability (CWE-78) due to improper processing of data received from a DHCP server. Impact: An arbitrary OS command may be executed on the product if a malicious DHCP server is placed on the WAN side of the product...
Command injection
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts...
CVE-2022-31885
Marval MSM v14.19.0.12476 is affected by an OS command injection due to insecure handling of VBScript. CVE-2022-31885 details this vulnerability (NVD/Red Hat/PRION entries). Advisory CPAI-2022-0881 explicitly notes remote code execution could result from exploitation, enabling arbitrary code exec...
CVE-2022-26147
The Quectel RG502Q-EA modem before 2022-02-23 allows OS Command Injection...
Command injection
The Quectel RG502Q-EA modem before 2022-02-23 allows OS Command Injection...
CVE-2022-26147
CVE-2022-26147 affects the Quectel RG502Q-EA modem. The issue is OS command injection arising from the OTA download process, allowing an attacker to execute arbitrary commands with root privileges on the device. The public descriptions consistently note the vulnerability exists before 2022-02-23....
Exploit for OS Command Injection in Tenda Hg9_Firmware
CVE-2022-30023 Authenticated Command Injection on Tenda HG9 R...
CVE-2022-30310 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
CVE-2022-30308 FESTO: CECC-X-M1 and Servo Press Kit YJKP OS Command Injection vulnerability
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection...
OS Command Injection in git-promise
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. Credits @lirantal for discoveri...
OS Command Injection
gogs.io/gogs is vulnerable to OS command injection. The vulnerability exists in the isRepositoryGitPath function in repoeditor.go because the styles of os.PathSeparator are not checked properly, which allows an attacker to inject and execute OS commands...
CVE-2022-1986
CVE-2022-1986 concerns the Go-Gogs Git service (gogs/gogs) prior to 0.12.9. Multiple sources report an OS command injection vulnerability in the file editor component of Gogs, enabling an attacker to inject and execute commands through the editor facility. The issue is described across multiple f...
CVE-2022-1986 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...
Atlassian Confluence Namespace OGNL Injection Exploit
This Metasploit module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Razer Sila Gaming Router operating system command injection vulnerability
The Razer Sila Gaming Router is a router for gaming from Razer USA. The Razer Sila Gaming Router version 2.0.441api-2.0.418 suffers from an operating system command injection vulnerability that stems from the presence of a command injection issue. An attacker could execute arbitrary commands via ...
Atlassian Confluence Namespace OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Namespace OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence servers. A...