9789 matches found

OSV
added 2021/01/07 2:15 p.m. · 3 views

CVE-2021-3029

EVOLUCARE ECSIMAGING aka ECS Imaging through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer...

9.8 CVSS · 7.3 AI score · 0.03022 EPSS
Exploits 0 · References 2
NVD
added 2021/01/07 2:15 p.m. · 10 views

CVE-2021-3029

EVOLUCARE ECSIMAGING aka ECS Imaging through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer...

10 CVSS · 9.9 AI score · 0.03022 EPSS
Exploits 0 · References 2
CVE
added 2021/01/07 1:55 p.m. · 51 views

CVE-2021-3029

EVOLUCARE ECSIMAGING (aka ECS Imaging)

10 CVSS · 9.8 AI score · 0.03022 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/01/07 1:55 p.m. · 13 views

CVE-2021-3029

EVOLUCARE ECSIMAGING aka ECS Imaging through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer...

10 AI score · 0.03022 EPSS
Exploits 0 · References 2
Positive Technologies
added 2021/01/07 12:0 a.m. · 3 views

PT-2021-18698 · Evolucare · Evolucare Ecsimaging

Name of the Vulnerable Software and Affected Versions: EVOLUCARE ECSIMAGING aka ECS Imaging versions 6.21.5 and earlier Description: The issue is related to an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The file parameter on the webpage "/showfile.php" ca...

10 CVSS · 7.6 AI score · 0.03022 EPSS
Exploits 0 · References 5
CVE
added 2021/01/06 8:57 p.m. · 74 views

CVE-2020-36178

Summary of CVE-2020-36178: The vulnerability affects TP-Link TL-WR840N devices running 6_EU_0.9.1_4.16 firmware. The issue is caused by the function oal_ipt_addBridgeIsolationRules, where a raw string entered via the web interface (an IP address field) is used directly as input to a system call ...

10 CVSS · 9.7 AI score · 0.09701 EPSS
Exploits 1 · References 3 · Affected Software 1
Exploit DB
added 2021/01/05 12:0 a.m. · 385 views

Klog Server 2.4.1 - Command Injection (Unauthenticated)

Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...

7.4 AI score
Exploits 0
Japan Vulnerability Notes
added 2021/01/04 12:0 a.m. · 83 views

JVN#38784555: Multiple vulnerabilities in UNIVERGE SV9500/SV8500 series

Remote system maintenance feature of UNIVERGE SV9500/SV8500 series' Web based remote maintenance console contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2020-5685

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Base Score...

10 CVSS · 9 AI score · 0.01803 EPSS
Exploits 0
Hacker One
added 2021/01/01 4:16 a.m. · 29 views

MTN Group: Blind SQL Injection

hello dear support I have found Blind SQL Injection on https://futexpert.mtngbissau.com/signin/ parameters injectable phonenumber=0&pin=1&submit=Continuar via post URL:https://futexpert.mtngbissau.com/signin/ Post: email=0 my payload :...

0.2 AI score
Exploits 0
CVE
added 2020/12/27 4:40 a.m. · 139 views

CVE-2020-35729

Klog Server 2.4.1 and earlier versions are affected by an unauthenticated command injection in authenticate.php. The vulnerability uses the user parameter, passed to shell_exec(), allowing arbitrary commands as the apache user; the sudoers setup can grant root privileges, enabling full system com...

10 CVSS · 9.6 AI score · 0.87987 EPSS
Exploits 8 · References 5 · Affected Software 1
Cvelist
added 2020/12/27 4:40 a.m. · 30 views

CVE-2020-35729

KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter...

9.8 AI score · 0.87987 EPSS
Exploits 8 · References 5
Mageia
added 2020/12/25 9:45 p.m. · 35 views

Updated erlang-rebar3 package fixes security vulnerability

Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification CVE-2020-13802...

10 CVSS · 4.9 AI score · 0.0675 EPSS
Exploits 3 · References 1
OSV
added 2020/12/25 9:45 p.m. · 7 views

MGASA-2020-0470 Updated erlang-rebar3 package fixes security vulnerability

Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification CVE-2020-13802...

10 CVSS · 9.5 AI score · 0.0675 EPSS
Exploits 3 · References 2
OSV
added 2020/12/23 3:15 a.m. · 3 views

CVE-2020-35657

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS aka Job Access With Speech product...

7.2 CVSS · 7.3 AI score · 0.02403 EPSS
Exploits 1 · References 2
CVE
added 2020/12/22 6:5 p.m. · 46 views

CVE-2020-24581

CVE-2020-24581 affects D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The issue stems from an execute_cmd.cgi feature (not reachable via the web UI) that allows an authenticated user to execute Operating System commands, enabling potential arbitrary command execution on the ...

8 CVSS · 8 AI score · 0.12649 EPSS
In wild · Exploits 1 · References 2 · Affected Software 1
Packet Storm
added 2020/12/21 12:0 a.m. · 284 views

SCO Openserver 5.0.7 Command Injection

Exploit Title: SCO Openserver 5.0.7 - 'outputform' Command Injection Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 04/09/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products/ Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Test...

0.39193 EPSS
Exploits 3
CVE
added 2020/12/16 1:52 p.m. · 44 views

CVE-2020-25617

SolarWinds N-Central 12.3.0.670 contains a relative path traversal flaw in the AdvancedScripts HTTP endpoint. An authenticated user can exploit this to execute OS commands as root via the NAC interface, as described across multiple sources (NVD/Red Hat/CNVD listings). The root cause is path trav...

9 CVSS · 8.6 AI score · 0.03167 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2020/12/14 3:15 a.m. · 24 views

CVE-2020-5639

Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed...

10 CVSS · 9.5 AI score · 0.05009 EPSS
Exploits 0 · References 3
Prion
added 2020/12/14 3:15 a.m. · 10 views

Directory traversal

Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed...

10 CVSS · 9.4 AI score · 0.05009 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2020/12/14 2:25 a.m. · 57 views

CVE-2020-5639

FileZen vulnerable to a directory traversal (CWE-22) in versions V3.0.0–V4.2.2, enabling a remote attacker to upload an arbitrary file to a specific directory and potentially execute arbitrary OS commands. Root cause is a directory traversal flaw in the affected FileZen appliances. Remediation pr...

10 CVSS · 9.4 AI score · 0.05009 EPSS
Exploits 0 · References 3 · Affected Software 1