9787 matches found

NVD
added 2020/01/29 11:15 p.m., 10 views

CVE-2020-8438

Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat$IFS substring...

CVSS: 9 | AI score: 7.3 | EPSS: 0.01587
Exploits: 1 | References: 1
Cvelist
added 2020/01/29 10:6 p.m., 20 views

CVE-2020-8438

Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat$IFS substring...

AI score: 7.4 | EPSS: 0.01587
Exploits: 1 | References: 1
CVE
added 2020/01/29 10:6 p.m., 70 views

CVE-2020-8438

The CVE-2020-8438 entry concerns Ruckus ZoneFlex R500 devices (reported as version 104.0.0.0.1347) where an authenticated attacker can execute arbitrary OS commands through the hidden /forms/nslookupHandler form, demonstrated by the nslookuptarget=|cat${IFS} payload. The connected documents provi...

CVSS: 9 | AI score: 7.3 | EPSS: 0.01587
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2020/01/29 3:15 a.m., 15 views

CVE-2019-20215

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because HTTPST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t...

CVSS: 10 | AI score: 9.8 | EPSS: 0.75105
Exploits: 6 | References: 3
Prion
added 2020/01/29 3:15 a.m., 16 views

Design/Logic Flaw

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTEPORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...

CVSS: 10 | AI score: 9.8 | EPSS: 0.03673
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2020/01/29 2:32 a.m., 94 views

CVE-2019-20217

Affected product: D-Link DIR-859 router (firmware 1.05 and 1.06B01 Beta01). Vulnerabilities concern the ssdpcgi() M-SEARCH handling in /htdocs/cgibin, where the urn: service/device value is parsed with strstr, enabling an attacker to append shell metacharacters and execute arbitrary OS commands. ...

CVSS: 10 | AI score: 9.8 | EPSS: 0.03558
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2020/01/29 2:23 a.m., 172 views

CVE-2019-20215

CVE-2019-20215 affects D-Link DIR-859 firmware 1.05 and 1.06B01 Beta01. It is a remote code execution vulnerability in the ssdpcgi() M-SEARCH handling, where the urn: service/device string is checked via strstr, enabling an attacker to append arbitrary shell commands. Related entries note additio...

CVSS: 10 | AI score: 9.7 | EPSS: 0.75105
Exploits: 6 | References: 3 | Affected Software: 1
CVE
added 2020/01/28 1:39 p.m., 52 views

CVE-2019-17096

CVE-2019-17096 is a Bitdefender BOX 2 bootstrap command-injection vulnerability. In the bootstrap flow, the device fetches firmware/image data via /api/download_image, which uses get_image_url() to obtain a URL from the Nimbus server and then executes a curl command to download the image. The cod...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.02074
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2020/01/28 7:52 a.m., 7 views

MGASA-2020-0060 Updated ansible package fixes security vulnerabilities

A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

CVSS: 7.3 | AI score: 6.5 | EPSS: 0.00736
Exploits: 0 | References: 4
Veracode
added 2020/01/28 2:31 a.m., 19 views

OS Command Injection

codecov is vulnerable to OS command injection. Lack of validation and sanitization of the gcov-args allows an attacker to inject and execute arbitrary OS commands on the system...

CVSS: 8.8 | AI score: 5 | EPSS: 0.01859
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2020/01/27 6:15 p.m., 15 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

CVSS: 9 | AI score: 8.9 | EPSS: 0.25135
Exploits: 3 | References: 5
OSV
added 2020/01/27 5:15 p.m., 2 views

CVE-2019-17096

An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.02074
Exploits: 0 | References: 1
NVD
added 2020/01/25 7:15 p.m., 51 views

CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

CVSS: 10 | AI score: 9.9 | EPSS: 0.82956
Exploits: 7 | References: 3
NVD
added 2020/01/23 3:15 p.m., 13 views

CVE-2019-19838

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/cmdstat.jsp via the uploadFile attribute...

CVSS: 10 | AI score: 9.6 | EPSS: 0.2436
Exploits: 1 | References: 3
CVE
added 2020/01/23 1:42 p.m., 47 views

CVE-2019-19839

CVE-2019-19839 affects Ruckus Wireless Unleashed emfd; a remote attacker can execute OS commands by sending a POST to admin/_cmdstat.jsp with xcmd=import-category via the uploadFile attribute. Root cause is improper handling of the xcmd=import-category parameter in emfd, enabling command executio...

CVSS: 10 | AI score: 9.5 | EPSS: 0.03282
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2020/01/23 1:42 p.m., 20 views

CVE-2019-19839

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/cmdstat.jsp via the uploadFile attribute...

AI score: 9.6 | EPSS: 0.03282
Exploits: 1 | References: 3
CVE
added 2020/01/23 1:41 p.m., 55 views

CVE-2019-19838

CVE-2019-19838 affects Ruckus Wireless Unleashed firmware (emfd) up to and including 200.7.10.102.64. The issue allows remote command execution when an attacker crafts a POST to admin/_cmdstat.jsp with the uploadFile attribute and the xcmd=get-platform-depends parameter, triggering OS commands on...

CVSS: 10 | AI score: 9.5 | EPSS: 0.2436
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2020/01/23 1:41 p.m., 22 views

CVE-2019-19838

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/cmdstat.jsp via the uploadFile attribute...

AI score: 9.6 | EPSS: 0.2436
Exploits: 1 | References: 3
Veracode
added 2020/01/23 2:32 a.m., 16 views

OS Command Injection

bibtex-ruby is vulnerable to OS command injection. During opening and parsing of the .bib file at a given path, unescaped user data is passed to an unsafe built-in Kernel.open method through BibTeX.open, allowing the execution of arbitrary OS commands...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.0281
Exploits: 1 | References: 1 | Affected Software: 1
0day.today
added 2020/01/23 12:0 a.m., 112 views

D-Link DIR-859 Unauthenticated Remote Command Execution Exploit

D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi function genacgimain in /htdocs/cgibin, which is accessible without credentials. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 10 | AI score: 1 | EPSS: 0.89624
Exploits: 8