9787 matches found

NVD
added 2020/03/05 3:15 p.m. · 11 views

CVE-2019-20501

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter...

CVSS 7.8 · AI score 7.8 · EPSS 0.90482
Exploits: 3 · References: 2

NVD
added 2020/03/05 3:15 p.m. · 16 views

CVE-2019-20499

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configrestore configRestore or configServerip parameter...

CVSS 7.8 · AI score 7.8 · EPSS 0.96635
Exploits: 7 · References: 3

Prion
added 2020/03/05 3:15 p.m. · 15 views

Command injection

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter...

CVSS 7.2 · AI score 7.8 · EPSS 0.90482
Exploits: 3 · References: 2 · Affected Software: 1

Prion
added 2020/03/05 3:15 p.m. · 17 views

Command injection

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

CVSS 7.2 · AI score 7.8 · EPSS 0.95803
Exploits: 3 · References: 2 · Affected Software: 1

CVE
added 2020/03/05 2:37 p.m. · 444 views

CVE-2019-20500

CVE-2019-20500 affects D-Link DWL-2600AP devices with firmware 4.2.0.15 Rev A. An authenticated OS command injection exists via the Web interface Save Configuration functionality, exploiting shell metacharacters in admin.cgi?action=config_save and related parameters (configBackup or downloadServe...

CVSS 7.8 · AI score 7.9 · EPSS 0.95803
In wild · Exploits: 3 · References: 3 · Affected Software: 1

Vulnrichment
added 2020/03/05 2:37 p.m. · 10 views

CVE-2019-20500

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

AI score 7.8 · EPSS 0.95803
Exploits: 3 · References: 2

Cvelist
added 2020/03/05 2:36 p.m. · 14 views

CVE-2019-20501

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter...

AI score 7.8 · EPSS 0.90482
Exploits: 3 · References: 2

NVD
added 2020/03/05 1:15 p.m. · 13 views

CVE-2020-9380

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...

CVSS 9.8 · AI score 9.7 · EPSS 0.03978
Exploits: 1 · References: 2

CVE
added 2020/03/05 12:44 p.m. · 50 views

CVE-2020-9380

The CVE-2020-9380 entry concerns IPTV Smarters WEB TV PLAYER prior to 2020-02-22, where uploading a script enables an attacker to execute OS commands. The Red Hat entry and related advisories corroborate the issue description but do not provide product-specific version ranges or remediation steps...

CVSS 9.8 · AI score 9.6 · EPSS 0.03978
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/03/05 12:44 p.m. · 19 views

CVE-2020-9380

IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...

AI score 9.7 · EPSS 0.03978
Exploits: 1 · References: 2

Positive Technologies
added 2020/03/05 12:0 a.m. · 2 views

PT-2020-10481 · D Link · D-Link Dwl-2600Ap

Name of the Vulnerable Software and Affected Versions: D-Link DWL-2600AP version 4.2.0.15 Rev A Description: The issue is an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface. This can be exploited by using shell metacharacters in th...

CVSS 7.8 · AI score 7.5 · EPSS 0.96635
Exploits: 7 · References: 7

Hacker One
added 2020/03/04 2:20 p.m. · 174 views

MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-3506]

Summary Hello. I was able to identify RCE vulnerability due to the outdated Oracle Weblogic instance on https://raebilling.mtn.co.za. Steps To Reproduce To reproduce, try this request with BurpSuite This request to the https://raebilling.mtn.co.za/wls-wsat/RegistrationRequesterPortType will trigg...

CVSS 5.8 · AI score 1.1 · EPSS 0.96015
Exploits: 9

Hacker One
added 2020/03/04 1:45 p.m. · 81 views

MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]

Summary Hello. I was able to identify RCE vulnerability due to the outdated Oracle Weblogic instance on https://raebilling.mtn.co.za. Steps To Reproduce To reproduce, launch this request with BurpSuite This request to the https://raebilling.mtn.co.za/wls-wsat/CoordinatorPortType will trigger slee...

CVSS 5 · AI score 1.2 · EPSS 0.99934
Exploits: 45

Packet Storm
added 2020/03/04 12:0 a.m. · 609 views

Exchange Control Panel Viewstate Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...

CVSS 9 · AI score 0.9 · EPSS 0.99965
Exploits: 30

Japan Vulnerability Notes
added 2020/03/03 12:0 a.m. · 101 views

JVN#19666251: Multiple vulnerabilities in OpenBlocks IoT VX2

OpenBlocks IoT VX2 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2020-5535 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2| AV:A/AC:L/Au:N/C:P/I:P/A:P| Base Score:...

CVSS 8.8 · AI score 9.5 · EPSS 0.00855
Exploits: 0

ICS
added 2020/03/03 12:0 a.m. · 110 views

Moxa AWK-3131A Series Industrial AP/Bridge/Client

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level is needed to exploit/public exploits are available Vendor: Moxa Equipment: Moxa AWK-3131A Vulnerabilities: Improper Access Control, Use of Hard-coded Cryptographic Key, OS Command Injection, Use of Hard-coded...

CVSS 9.9 · AI score 9.5 · EPSS 0.06892
Exploits: 14 · References: 5

Veracode
added 2020/03/02 7:31 a.m. · 13 views

OS Command Injection

serial-number is vulnerable to OS command injection. The vulnerability exists as the values of cmdPrefix is improperly handled, allowing it to be passed into the exec function unsanitized...

CVSS 9.8 · AI score 3.1 · EPSS 0.02767
Exploits: 1 · References: 2 · Affected Software: 1

Github Security Blog
added 2020/02/28 4:54 p.m. · 148 views

OS Command Injection in Rake

There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...

CVSS 6.9 · AI score 2.5 · EPSS 0.01415
Exploits: 1 · References: 10 · Affected Software: 1

OSV
added 2020/02/28 4:54 p.m. · 22 views

GHSA-JPPV-GW3R-W3Q8 OS Command Injection in Rake

There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...

CVSS 6.4 · AI score 6.8 · EPSS 0.01415
Exploits: 1 · References: 11

ATTACKERKB
added 2020/02/28 12:0 a.m. · 24 views

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request. Recent assessments: kevthehermit at February 28, 2020 7:40pm UTC reported: Centreon is a...

CVSS 9 · AI score 0.9 · EPSS 0.04122
Exploits: 1 · References: 2