9787 matches found
Open-AudIT Multiple Vulnerabilities
Advisory ID Internal CORE-2020-0009 1. Advisory Information Title: Open-AudIT Multiple Vulnerabilities Advisory ID: CORE-2020-0009 Advisory URL: https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities Date published: 2020-04-27 Date of last update: 2020-04-24 Vendors...
OS Command Injection
npm-programmatic is vulnerable to OS command injection. The packages and option properties are concatenated and directly passed to an exec function...
CVE-2020-7350
CVE-2020-7350 affects Rapid7 Metasploit Framework libnotify plugin. Versions before 5.0.85 allow OS command injection via untrusted data in a remote hostname/service name; an attacker must supply a crafted file processed by db_import to trigger code execution on the operator’s terminal. A fix was...
NETGEAR D3600, D6000 and XR500 OS Command Injection Vulnerability (CNVD-2020-27257)
NETGEAR D3600 and others are products of NETGEAR Corporation. NETGEAR D3600 is a wireless modem. NETGEAR D6000 is a wireless modem. NETGEAR XR500 is a wireless router. An operating system command injection vulnerability exists in the NETGEAR D3600 prior to version...
NETGEAR R7800 and XR500 OS Command Injection Vulnerability (CNVD-2020-27261)
The NETGEAR XR500 and NETGEAR R7800 are both wireless routers from NETGEAR. An operating system command injection vulnerability exists in the NETGEAR R7800 prior to version 1.0.2.60 and the XR500 prior to version 2.3.2.32, which can be exploited by an attacker to execute illegal operating system...
CVE-2020-7350
Rapid7 Metasploit Framework versions before 5.0.85 suffer from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer’s hostname or service name. An attacker can create a specially crafted hostname or service name to b...
CVE-2020-9004
CVE-2020-9004 describes a remote authenticated authorization-bypass in Wowza Streaming Engine (versions 4.8.0 and earlier) where a read-only user could issue requests to the admin panel to change functionality, including activating the Java JMX port in unauthenticated mode and executing OS comman...
CVE-2020-9478
An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems...
Command injection
An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems...
CVE-2020-9478
CVE-2020-9478 affects Rubrik 5.0.3-2296. The vulnerability is an OS command injection that permits an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems. Exploitation details, affected components beyond the product/version, and concrete remediation steps are not p...
OS Command Injection
clamscan is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the system via the isclamavbinary function in index.js...
CVE-2020-6765
D-Link DSL-GS225 J1 AU1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat /etc/passwd. The CLI is reachable by TELNET...
CVE-2020-6765
CVE-2020-6765 affects D-Link DSL-GS225 J1 AU_1.0.4 where an admin can execute OS commands by placing shell metacharacters after a supported CLI command; the CLI is reachable via TELNET. The issue is a command-injection vulnerability in the device’s CLI parsing. The provided documents do not speci...
OS Command Injection
cacti is vulnerable to OS command injection. Multiple command injection flaws were discovered in Cacti. An authenticated user with certain administrative privileges could use these flaws to execute arbitrary commands on the Cacti server with the privileges of the web server user...
OS Command Injection
clamscan is vulnerable to OS Command Injection. The vulnerability exists through the isclamavbinary function in index.js...
OS Command Injection
apiconnect-cli-plugins is vulnerable to OS command injection. The vulnerability exists because the value of pluginUri is not sanitized and can be controlled by users...
CVE-2020-11581
An issue was discovered in Pulse Secure Pulse Connect Secure PCS through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks against a client via shell...
Command injection
An issue was discovered in Pulse Secure Pulse Connect Secure PCS through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks against a client via shell...