OS Command Injection
foreman-proxy is vulnerable to OS command injection. The path parameter to tftp/fetch_boot_file in the TFTP module is not validated and verified, which would allow a remote attacker to inject arbitrary OS commands on the system to be executed in the context of the foreman-proxy process worker...
CVE-2019-6250
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leverag...
CVE-2018-0638
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter...
CVE-2018-0639
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter...
Design/Logic Flaw
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter...
Design/Logic Flaw
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter...
Sql injection
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter...
CVE-2018-0636
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634...
CVE-2018-0637
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter...
CVE-2018-0634
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL...
CVE-2018-0677
CVE-2018-0677 affects Panasonic BN-SDWBP3 firmware versions 1.0.9 and earlier. The JVN entry confirms an OS Command Injection vulnerability exploitable by a user on the same LAN who can access the product with administrative privileges; the exposure is via unspecified vectors, with impact limited...
CVE-2018-0631
CVE-2018-0631 affects the NEC Aterm W300P router (firmware version: Ver1.0.13 and earlier). The vulnerability allows an attacker with administrative privileges to execute arbitrary operating system commands via the targetAPSsid parameter. Underlying issue is a command injection flaw in the device...
CVE-2018-16200
CVE-2018-16200 affects Toshiba Home gateway HEM-GW16A and HEM-GW26A with firmware versions 1.2.9 and earlier. The provided documents indicate an OS command injection vulnerability that allows an attacker on the same network segment to execute arbitrary OS commands on the affected device. The root...
CVE-2018-0638
The CVE-2018-0638 issue affects NEC/Aterm HC100RC devices (firmware Ver1.0.1 and earlier). A local-administrator level attacker can exploit an OS command injection via the import.cgi encKey parameter to execute arbitrary commands on the underlying OS. The vulnerability arises in the product’s web...
CVE-2018-0634
NEC Aterm HC100RC router (Firmware v1.0.1 and earlier) is affected by CVE-2018-0634 and related CVEs. A local attacker with administrator rights can execute arbitrary OS commands by supplying crafted values to the FactoryPassword or bootmode URL parameters. The issue is documented across multiple...
CVE-2018-0637
Aterm HC100RC (NEC) firmware Ver1.0.1 and earlier is affected by CVE-2018-0637 (OS command injection). The vulnerability allows an attacker with administrator privileges to execute arbitrary OS commands via the export.cgi encKey parameter. Impact is execution of commands with high integrity on de...
CVE-2018-0629
Aterm W300P (NEC) firmware Ver1.0.13 and earlier is affected by CVE-2018-0629. The vulnerability is an OS command injection (CWE-78) in the device’s HTTP handling that allows an administrator-level attacker to execute arbitrary commands on the OS via HTTP requests/responses. The impact is elevate...