CVE-2018-19007
The CVE-2018-19007 vulnerability affects Geutebrück GmbH E2 Camera Series before firmware 1.12.0.25. The issue is an OS command injection in the DDNS configuration (Network Configuration panel), allowing an attacker to execute commands as root. Impact is high (confidentiality, integrity, availabi...
SQL injection
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by creating or editing a template file of the .ftl file type that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a we...
CVE-2018-12312
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secretkey" URL parameter...
CVE-2018-12307
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter...
Command injection
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter...
Command injection
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter...
CVE-2018-12317
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter...
CVE-2018-12312
ASUSTOR ADM 3.1.1 contains an OS command injection in user.cgi that allows an attacker to run commands as root via the secret_key URL parameter. Vulnerability is triggered through network exposure to ASUSTOR ADM's web interface, enabling arbitrary command execution with root privileges if the par...
CVE-2018-12316
ASUSTOR ADM is affected by OS Command Injection in upload.cgi in version 3.1.1, where an attacker can modify the filename POST parameter to execute system commands. This is documented across multiple sources (NVD CVE-2018-12316, CNVD-2018-25181, OpenVAS entry) with a CVSS base score high (3.0: 8....
CVE-2018-12313
CVE-2018-12313 affects ASUSTOR ADM 3.1.1: OS command injection in snmp.cgi exploitable without authentication via the rocommunity parameter. Impact: remote code execution with high integrity/availability risk (CVSSv3/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H = 9.8). Affected component: snmp.cgi in ADM;...
CVE-2018-12317
CVE-2018-12317 relates to an OS command injection in ASUSTOR ADM 3.1.1 (group.cgi) that allows an attacker to run arbitrary commands as root by altering the name POST parameter. The vulnerability is described across NVD/CNVD entries as affecting ASUSTOR ADM on the affected NAS devices, with root-...
Moxa NPort W2x50A 2.1 OS Command Injection Vulnerability
Moxa NPort W2x50A products with firmware version 2.1 Build17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities...
Moxa NPort W2x50A 2.1 OS Command Injection
Moxa NPort W2x50A products with firmware version 2.1 Build17112017 or lower are vulnerable to several authenticated OS Command Injection vulnerabilities: 1. Authenticated OS Command Injection in web server ping functionality. Reserved CVE ID: CVE-2018-19659. A specially crafted HTTP POST request to...
CVE-2018-19370
A Race condition vulnerability in unzipfile in admin/import/class-import-settings.php in the Yoast SEO wordpress-seo plugin before 9.2.0 for WordPress allows an SEO Manager to perform command execution on the Operating System via a ZIP import...
CVE-2018-19646
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled...
Cisco WebEx Meetings Privilege Escalation
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Cisco WebEx Meetings Elevation of Privilege Vulnerability 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Advisory ID: CORE-2018-0011 Advisory URL:...
Command injection
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...
CVE-2018-11077
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially...
CVE-2018-11077
CVE-2018-11077 is the information-exposure aspect of the Dell EMC Avamar/IDPA command-injection issue tracked in VDP advisories. The connected VMware VMSA-2018-0029 confirms a separate command-injection flaw in the getlogs utility that can lead to root-level command execution when an authenticate...
CVE-2018-19518
CVE-2018-19518 affects University of Washington IMAP Toolkit (uw-imap) 2007f on UNIX, used by imap_open() in PHP and other apps. The vulnerability arises when imap_rimap (c-client/imap4r1.c) and tcp_aopen (osdep/unix/tcp_unix.c) invoke rsh/ssh with untrusted server input, enabling remote command ...