9787 matches found
CVE-2019-11224
HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection...
CVE-2019-11224
Summary: CVE-2019-11224 affects Harman AMX MVP5150 devices (v2.87.13). The connected exploit repository documents a remote OS command injection vulnerability through the device’s command handling (notably a Telnet/console context and a vulnerable ping function). Proof-of-concept steps show comman...
CVE-2019-3727
Dell EMC RecoverPoint and RecoverPoint for VMs prior to 5.1.3 and 5.2.0.2, respectively, contain an OS command injection vulnerability in the Boxmgmt CLI installation feature. A local boxmgmt user can potentially execute arbitrary commands as root due to this input handling flaw. The issue is doc...
CVE-2019-3727 OS command injection vulnerability
Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root...
DLink DWL-2600AP - Multiple OS Command Injection Vulnerability
Exploit for hardware platform in category web applications Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You...
Schneider Electric U.Motion Builder 1.3.4 Command Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: OS Command Injection CWE-78 Date found: 2018-11-15 Date published: 2019-05-13 CVSSv3 Score: 9.8...
D-Link DWL-2600AP - Multiple OS Command Injection
D-Link DWL-2600AP - Multiple OS Command Injection Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use a...
D-Link DWL-2600AP - Multiple OS Command Injection
Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to login to the D-Link...
D-Link DWL-2600AP Save Configuration Command Injection Vulnerability
D-Link DWL-2600AP suffers from an authenticated OS command injection vulnerability via the save configuration functionality. Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Save Configuration Product & Service Introduction: =============================== T...
D-Link DWL-2600AP Upgrade Firmware Command Injection
Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Upgrade Firmware Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to login to the D-Link...
OS Command Injection
mailx is vulnerable to OS command injection. A syntactically valid email address could allow a local attacker to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality...
Sierra Wireless AirLink ALEOS (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Sierra Wireless Equipment: AirLink ALEOS Vulnerabilities: OS Command Injection, Use of Hard-coded Credentials, Unrestricted Upload of File with Dangerous Type,...
Arbitrary OS Command Execution
librenms is vulnerable to arbitrary OS command execution. The vulnerability exists due to the lack of validation of user input to gen_snmpwalk_cmd in capture.inc.php, allowing an attacker to control the output passed to the popen command to inject and execute arbitrary OS commands...
Sierra Wireless AirLink ES450 ACEManager iplogging.cgi command injection vulnerability
Summary An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HT...
Design/Logic Flaw
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...
CVE-2018-20434
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...
CVE-2019-11444
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...
Input validation
DISPUTED An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Vali...