9789 matches found
Acronis: SQL injection in https://www.acronis.cz/ via the log parameter
I have discovered a SQL injection in https://www.acronis.cz/ using the POST request via the log parameter. Using sqlmap, I have retrieved the current user: 'uacronis@localhost'. The command used: sqlmap -p log -r request-cz.txt --current-user --level=2 --risk=2 I did not perform any other actions...
CVE-2021-26724
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...
CVE-2021-26724
The CVE-2021-26724 issue is an OS Command Injection in Nozomi Networks Guardian and CMC web GUI that allows authenticated administrators to run arbitrary OS commands, enabling remote code execution. Affected: Guardian and CMC up to version 20.0.7.3. Root cause: improper handling of date/hostname ...
CVE-2021-26724 Authenticated command injection when changing date settings or hostname in Guardian/CMC before 20.0.7.4
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi...
OS Command Injection
Overview Affected versions of the async-git package allow OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. Recommendation Upgrade to version 1.13.2 or later. References - CVE - GitHub Advisory...
CVE-2021-3149
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manualping.cgi allows OS command injection after authentication by the attacker because the system C library function is used unsafely...
Command injection
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manualping.cgi allows OS command injection after authentication by the attacker because the system C library function is used unsafely...
CVE-2021-3149
CVE-2021-3149 affects Netshield NANO 25 devices running 10.2.18. The issue is an OS command injection via /usr/local/webmin/System/manual_ping.cgi after authentication, caused by unsafe use of a C library function. Public documents in the set confirm affected product, vulnerable component/file, a...
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting...
PT-2021-17115 · Nozomi Networks · Nozomi Networks Cmc +1
Name of the Vulnerable Software and Affected Versions: Nozomi Networks Guardian versions 20.0.7.3 and prior versions Nozomi Networks CMC versions 20.0.7.3 and prior versions Description: The issue is an OS Command Injection vulnerability that occurs when changing date settings or hostname using t...
NeDi OS Command Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...
Exploit for OS Command Injection in Alleghenycreative Openrepeater
CVE-2019-25024 OpenRepeater ORP / Unauthenticated Command...
Command Injection
async-git is vulnerable to command injection. An attacker is able to inject malicious OS commands into the system shell via the getter function in the index.js file...
Nagios XI OS Command Injection Vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php in Nagios XI...
Nagios XI OS Command Injection Vulnerability (CNVD-2021-11072)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php in Nagios XI...
JVN#37417423: Multiple vulnerabilities in SolarView Compact
SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 3.5 CVSS v2|...
FileZen OS Command Injection Vulnerability
FileZen is a device for secure file transfer and sharing via email or web interface. An OS command injection vulnerability exists in FileZen 3.0.0 - 4.2.7, 5.0.0 - 5.0.2. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...
Accellion FTA OS Command Injection Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912370 and earlier versions. An attacker can exploit this vulnerability by...