9810 matches found
CVE-2021-20739
CVE-2021-20739 affects ELECOM WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S. Description: unauthenticated, network-adjacent attacker can execute arbitrary OS commands via unspecified vectors. No exploit detai...
CVE-2021-20739
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors...
FortiMail - OS Command injection
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiMail's administrative interface may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...
FortiAP - OS command Injection through kdbg CLI command
An instance of improper neutralization of special elements used in an OS Command found in FortiAP's console may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...
EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2021-2167)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. (CVE-2019-16161) - Onig...
Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)
Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. CVE: CVE-2021-42071 Reference:...
Ricon Industrial Cellular Router S9922XL - Remote Command Execution Exploit
Exploit Title: Ricon Industrial Cellular Router S9922XL - Remote Command Execution RCE Exploit Author: LiquidWorm Vendor Homepage: https://www.riconmobile.com !/usr/bin/env python3 -- coding: utf-8 -- Ricon Industrial Cellular Router S9922XL Remote Command Execution Vendor: Ricon Mobile Inc...
Ricon Industrial Cellular Router S9922XL - Remote Command Execution (RCE)
Exploit Title: Ricon Industrial Cellular Router S9922XL - Remote Command Execution RCE Date: 02.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.riconmobile.com !/usr/bin/env python3 -- coding: utf-8 -- Ricon Industrial Cellular Router S9922XL Remote Command Execution Vendor: Ricon...
Ricon Industrial Cellular Router S9922XL Remote Command Execution
Summary S9922L series LTE router is designed and manufactured by Ricon Mobile Inc.; it is based on 3G/LTE cellular network technology with industrial class quality. With its embedded cellular module, it is widely used in multiple cases like ATM connection, remote office security connection, data...
Design/Logic Flaw
Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop...
CVE-2021-20745
Inkdrop (Markdown editor) is affected by CVE-2021-20745. Prior to v5.3.1, loading a file or code snippet containing an invalid iframe can lead to OS command injection, allowing arbitrary commands on the host. The vulnerability is tied to input handling of iframes. According to sources, affected v...
CVE-2021-20740
CVE-2021-20740 affects Hitachi Virtual File Platform and NEC Storage M Series NAS Gateway NH4x/NH8x. Impact: remote authenticated attacker can execute arbitrary OS commands with root privileges via unspecified vectors. Affected versions: Hitachi VFP < 5.5.3-09 and < 6.4.3-09; NEC M Series N...
CVE-2021-33533 WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability
In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. ...
OS Command Injection
rssh is vulnerable to OS command injection. Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
OS Command Injection
CSV is vulnerable to OS command injection. The vulnerability allows an attacker to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
JVN#29949691: Inkdrop vulnerable to OS command injection
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability CWE-78. Impact If a file or code snippet containing an invalid iframe is loaded into Inkdrop, an arbitrary OS command may be executed on the system where it runs. Solution Update the...
CODESYS Control V2 Linux SysFile library
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 Runtime Toolkit Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow the control programmer to call...
Moodle spellchecker plugin command execution vulnerability
Summary A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability. Tested Versions Moodle 3.10 Product...
Hitachi Virtual File Platform vulnerable to OS command injection
Overview Hitachi Virtual File Platform provided by Hitachi contains an OS command injection vulnerability CWE-78 due to a flaw in processing parameters of the HTTP requests. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#21298724: Hitachi Virtual File Platform vulnerable to OS command injection
Hitachi Virtual File Platform provided by Hitachi contains an OS command injection vulnerability CWE-78 due to a flaw in processing parameters of the HTTP requests. Impact A remote attacker who can log in to the product may execute an arbitrary OS command with root privilege. Solution Update the...