
9787 matches found

CVE
added 2019/01/09 10:0 p.m. | 44 views

CVE-2018-0629

Aterm W300P (NEC) firmware Ver1.0.13 and earlier is affected by CVE-2018-0629. The vulnerability is an OS command injection (CWE-78) in the device’s HTTP handling that allows an administrator-level attacker to execute arbitrary commands on the OS via HTTP requests/responses. The impact is elevate...

CVSS 9 | AI score 7.3 | EPSS 0.01399
Exploits 0 | References 2 | Affected Software 1

CVE
added 2019/01/09 10:0 p.m. | 47 views

CVE-2018-0626

The CVE-2018-0626 entry concerns NEC Aterm WG1200HP routers. Affected firmware: Version 1.0.31 and earlier. Vulnerability: an OS command injection via the sysCmd parameter in formWsc, exploitable by an attacker with administrator rights to execute arbitrary OS commands. Impact is demonstrated as ...

CVSS 9 | AI score 7.2 | EPSS 0.01399
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/01/09 10:0 p.m. | 18 views

CVE-2018-0637

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter...

AI score 7.3 | EPSS 0.01399
Exploits 0 | References 2

Amazon
added 2019/01/09 12:0 a.m. | 337 views

Medium: php56, php70, php71, php72

Issue Overview: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. (CVE-2018-19935) University of Washington IMAP Toolkit 2007f on...

CVSS 8.5 | AI score 8.4 | EPSS 0.9523
Exploits 6

NVD
added 2019/01/02 6:29 p.m. | 20 views

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530...

CVSS 10 | AI score 9.9 | EPSS 0.06725
Exploits 1 | References 1

Prion
added 2019/01/02 6:29 p.m. | 24 views

Command injection

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530...

CVSS 10 | AI score 9.8 | EPSS 0.96626
Exploits 2 | References 1 | Affected Software 2

CVE
added 2019/01/02 6:0 p.m. | 190 views

CVE-2018-20114

CVE-2018-20114 affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03. It is tied to an OS command injection in the cgibin soap.cgi service, exploitable via the service parameter containing an "&&" substring, reflecting an incomplete fix for CVE-2018-6530. Connected documents corrobora...

CVSS 10 | AI score 9.7 | EPSS 0.06725
In wild | Exploits 1 | References 1 | Affected Software 1

ATTACKERKB
added 2019/01/02 12:0 a.m. | 135 views

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an “&&” substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. Recent...

CVSS 10 | AI score 9.8 | EPSS 0.96626
In wild | Exploits 2 | References 2

CNVD
added 2018/12/21 12:0 a.m. | 2 views

TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A Operating System Command Injection Vulnerability

TOSHIBA Home Gateway HEM-GW26A and TOSHIBA Home Gateway HEM-GW16A are both home gateway products from Toshiba Japan. An operating system command injection vulnerability exists in TOSHIBA Home Gateway HEM-GW26A version 1.2.9 and earlier and TOSHIBA Home Gateway HEM-GW16A version 1.2.9 and earlier,...

CVSS 8.8 | AI score 8.2 | EPSS 0.0065
Exploits 0 | References 1

OSV
added 2018/12/20 11:29 p.m. | 2 views

CVE-2018-19239

TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST...

CVSS 7.2 | AI score 6.1 | EPSS 0.05086
Exploits 0 | References 2

NVD
added 2018/12/20 11:29 p.m. | 12 views

CVE-2018-19239

TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST...

CVSS 9 | AI score 7.6 | EPSS 0.05086
Exploits 0 | References 2

CVE
added 2018/12/20 10:0 p.m. | 36 views

CVE-2018-19239

TRENDnet TEW-673GRU router (firmware v1.00b40) contains an OS command injection in the start_arpping function of the timer binary. An attacker can remotely execute commands by crafting a POST to apply.cgi and passing the parameters dhcpd_start, dhcpd_end, and lan_ipaddr. CVE-2018-19239 documents ...

CVSS 9 | AI score 7.6 | EPSS 0.05086
Exploits 0 | References 2 | Affected Software 1

Prion
added 2018/12/20 9:29 p.m. | 15 views

Command injection

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...

CVSS 9.3 | AI score 8.3 | EPSS 0.01643
Exploits 0 | References 1 | Affected Software 1

NVD
added 2018/12/20 9:29 p.m. | 14 views

CVE-2018-15722

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...

CVSS 9.3 | AI score 8.4 | EPSS 0.01643
Exploits 0 | References 1

Cvelist
added 2018/12/20 9:0 p.m. | 18 views

CVE-2018-15722

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response...

AI score 8.5 | EPSS 0.01643
Exploits 0 | References 1

CVE
added 2018/12/20 9:0 p.m. | 39 views

CVE-2018-15722

CVE-2018-15722 affects the Logitech Harmony Hub prior to version 4.15.206, where an OS command injection vulnerability exists via the time update request. A remote attacker can inject shell commands by sending a crafted response to the time synchronization flow, enabling remote unauthenticated co...

CVSS 9.3 | AI score 8.3 | EPSS 0.01643
Exploits 0 | References 1 | Affected Software 1

OSV
added 2018/12/19 7:24 p.m. | 15 views

GHSA-9FCP-VCQ9-9H2H OS Command Injection in craftercms:crafter-studio

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a we...

CVSS 8.8 | AI score 9 | EPSS 0.01689
Exploits 1 | References 5

Github Security Blog
added 2018/12/19 7:24 p.m. | 25 views

OS Command Injection in craftercms:crafter-studio

A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a we...

CVSS 8.8 | AI score 5.6 | EPSS 0.01689
Exploits 1 | References 4 | Affected Software 1

Japan Vulnerability Notes
added 2018/12/19 12:0 a.m. | 107 views

JVN#99810718: Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway

Home gateway provided by Toshiba Lighting & Technology Corporation contains multiple vulnerabilities listed below.

Improper access control CWE-284 - CVE-2018-16197

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Base Score: 6.3
CVSS v2 |...

CVSS 8.8 | AI score 8.1 | EPSS 0.00788
Exploits 0

Cvelist
added 2018/12/14 8:0 p.m. | 13 views

CVE-2018-19007

In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration in the Network Configuration panel is vulnerable to an OS system command injection as root...

AI score 9.7 | EPSS 0.03882
Exploits 0 | References 2