CVE-2020-21883
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover...
Command injection
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover...
CVE-2020-21883
Affected devices: Unibox U-50 2.4; UniBox Enterprise Series 2.4; UniBox Campus Series 2.4. Vulnerability: OS command injection in /tools/ping. Root cause/impact: The injection allows complete device takeover. Exploit details: Not provided in the supplied documents. Remediation: Not specified in t...
Multiple vulnerabilities in multiple Aterm products
Overview: Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2021-20680; OS command injection via UPnP (CWE-78) - CVE-2014-8361. CVE-2021-20680: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...
Exploit for OS Command Injection in Klogserver Klog_Server
Information Exploit Title: Klog Server 2.4.1 - Command Inject...
JVN#67456944: Multiple vulnerabilities in multiple Aterm products
Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2021-20680

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score...
Rockwell Automation FactoryTalk AssetCentre OS Command Injection Vulnerability
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An OS command injection vulnerability exists in Rockwell Automation...
CVE-2021-29083
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter...
Rockwell Automation FactoryTalk AssetCentre
1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk AssetCentre
Vulnerabilities: OS Command Injection, Deserialization of Untrusted Data, SQL Injection, Improperly Restricted Functions
2. RISK EVALUATION...
OS Command Injection
kill-by-port is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands due to the passing of untrusted user input to the child_process.exec function...
BaserCMS OS Command Injection Vulnerability
BaserCMS is an open source enterprise-level content management system (CMS). An OS command injection vulnerability exists in BaserCMS versions prior to 4.4.5. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...
CVE-2021-20682
CVE-2021-20682 affects baserCMS versions prior to 4.4.5. The vulnerability is an OS command injection that allows a remote attacker with administrative privileges to execute arbitrary commands. Exploitation details are not explicitly provided in the initial documents; however, multiple CVE record...
JVN#64869876: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function (CWE-79) - CVE-2021-20681

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4...
Invigo Automatic Device Management Arbitrary OS Command Injection Vulnerability
Invigo Automatic Device Management (ADM) is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. An arbitrary OS command injection vulnerability exists in /admin/admapi.php in...
Exploit for OS Command Injection in Apache Tomcat
CVE-2019-0232 Vulnerability analysis and PoC for the Apache To...
CVE-2020-10583
CVE-2020-10583 affects Invigo Automatic Device Management (ADM) up to version 5.0. The vulnerability is an arbitrary OS command injection in the /admin/admapi.php script, exploitable by remote authenticated attackers who execute commands on the server as the application user. This is documented a...
CVE-2020-1946 Apache SpamAssassin has an OS Command Injection vulnerability
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
Cisco IOS XE OS Command Injection Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. An OS command injection vulnerability exists in ROMMON of Cisco IOS XE. The vulnerability stems from incorrect validation of specific function parameters passed to the startup...
Design/Logic Flaw
APKLeaks is an open-source project for scanning APK files for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via the package name inside the application manifest. An attacker could include arguments that allow unintended commands or code to be...