9789 matches found
CVE-2020-21999
CVE-2020-21999 affects iWT FaceSentry Access Control System (Firmware 6.4.8, 5.7.x) where an authenticated OS command injection is possible via the strInIP POST parameter in pingTest.php. The vulnerability uses default credentials and executes sudo ping with user-supplied input, enabling arbitrar...
Command injection
Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through the web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...
CVE-2020-21992
Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through the web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...
Vivotek VIVOTEK IP Camera operating system command injection vulnerability
Vivotek VIVOTEK IP Camera is an IP camera from Vivotek, Taiwan, China. The IP camera device suffers from an operating system command injection vulnerability, which originates from the NTP Server configuration not being verified with special parameters. This vulnerability can be exploited by a...
CVE-2020-22000
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...
Design/Logic Flaw
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...
CVE-2020-22000
CVE-2020-22000 affects HomeAutomation 3.3.2. An authenticated OS command execution vulnerability exists in the customcommand v0.1 plugin, exploitable via CSRF to run arbitrary shell commands as the web user through unsanitized PHP exec() calls in /system/systemplugins/customcommand/customcommand....
CVE-2021-20708
NEC Aterm devices Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL...
CVE-2021-20709
Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by...
Design/Logic Flaw
Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2021-20711
CVE-2021-20711 affects NEC Aterm WG2600HS firmware (versions 1.5.1 and earlier). The vulnerability enables an attacker to execute arbitrary OS commands via unspecified vectors, with the specific CVE recognized in multiple sources (including JVN and CVE entries). The JVN/CNNVD/CVE records and rela...
CVE-2021-20708
CVE-2021-20708 affects NEC Aterm devices (WF1200CR: v1.3.2 and earlier; WG1200CR: v1.3.3 and earlier; WG2600HS: v1.5.1 and earlier) and allows authenticated attackers to execute arbitrary OS commands by sending a crafted request to a specific URL. Connected sources also reference related CVEs in ...
Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection
This module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. The module uploads a simple PHP shell via includes/components/nxti/index.php to...
Nagios XI 5.7.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection', 'Description' = %q This module exploits an OS command injection vulnerabili...
OS Command Injection in Security Analytics
Summary: The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges. Affected Products: The following...
OS Command Injection and Improper Input Validation in ansible
A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...
OS Command Injection
onion-oled-js is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the scroll function due to the usage of exec with untrusted user input...
Nagios XI 5.7.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2020-5791, an OS command...