Inim Electronics SmartLiving SmartLAN/G/SI <=6.x Root Remote Command Execution
Summary: SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...
CVE-2019-19642
CVE-2019-19642 affects SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68. The vulnerability in the Virtual Media feature allows OS command injection by authenticated attackers who can send HTTP POST requests to the IPMI interface at /rpc/setvmdrive.asp, including shell metach...
OS Command Injection
strapi is vulnerable to OS Command Injection. The vulnerability exists as it does not sanitize nor validate plugin names in installPlugin and uninstallPlugin...
OS Command Injection
Ansible is vulnerable to OS command injection. The boot function in solaris_zone.py passes an unsanitized zone name into an os.system call, which would potentially allow an attacker to inject and execute arbitrary OS commands...
WordPress Plainview Activity Monitor 20161228 Remote Command Execution Exploit
The WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection, which allows an attacker to remotely execute commands on the underlying system. The application passes unsafe user-supplied data in the ip parameter to activities_overview.php. Privileges are required in order to exploit...
OS Command Injection
Ansible is vulnerable to OS command injection. The attack is possible because the module nxos_file_copy does not validate the remote_file parameter and directly uses the filenames from the parameter to copy files to a flash or bootflash on NXOS devices, allowing an attacker to inject malicious comma...
Mersive Solstice 2.8.0 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk...
Mersive Solstice 2.8.0 - Remote Code Execution
Mersive Solstice 2.8.0 - Remote Code Execution Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link:...
Mersive Solstice 2.8.0 - Remote Code Execution
Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk Versions: 2.8.0 Tested On...
Mersive Solstice 2.8.0 Remote Code Execution
Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk Versions: 2.8.0 Tested On...
CVE-2019-14905
A vulnerability in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues. Mitigation There...
CVE-2019-16242
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...
Command injection
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI...
CVE-2019-16242
CVE-2019-16242 affects the OC engineering app omamock on TCL Alcatel Cingular Flip 2 B9HUAH1. The vulnerability is OS command injection arising from inadequate input handling when constructing OS commands, enabling an attacker with physical access to execute arbitrary commands as root via the app...
Security Bulletin: XStream as used by IBM QRadar SIEM is vulnerable to OS command injection (CVE-2019-10173)
Summary: XStream as used by IBM QRadar SIEM is vulnerable to OS command injection. Vulnerability Details: CVEID: CVE-2019-10173 DESCRIPTION: It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been...
Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection vulnerability (CVE-2016-0236)
Summary: IBM Security Guardium Database Activity Monitor could allow an authenticated attacker to inject commands into the search field that will be executed as root. Vulnerability Details: CVEID: CVE-2016-0236 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow an...
WordPress Plainview Activity Monitor RCE
The Plainview Activity Monitor WordPress plugin is vulnerable to OS command injection, which allows an attacker to remotely execute commands on the underlying system. The application passes unsafe user-supplied data in the ip parameter to activities_overview.php. Privileges are required in order to exploit this...
CVE-2019-8159
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection...