9787 matches found
CVE-2018-19518
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c without preventing argument injection, which might allow remote...
CVE-2018-18772
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=sendssh, as demonstrated by executing an arbitrary OS command...
Command injection
CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=sendssh, as demonstrated by executing an arbitrary OS command...
JVN#65082538: Multiple vulnerabilities in Panasonic BN-SDWBP3
BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2018-0676 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
CVE-2018-19073
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName,...
CVE-2018-19070
CVE-2018-19070 affects Foscam C2 devices (System Firmware 1.11.1.8; Application Firmware 2.72.1.32) and Opticam i5 devices (System Firmware 1.5.2.11; Application Firmware 2.21.1.128). The vulnerability allows remote attackers to execute arbitrary OS commands via shell metachar...
Linksys E1200 and E2500 OS Command Injection Vulnerability (CNVD-2019-22779)
The Belkin Linksys E1200 and E2500 are both wireless router products in the E-Series from Belkin USA. An operating system command injection vulnerability exists in the Belkin Linksys E1200 with firmware version 2.0.09 and the Linksys E2500 with firmware version 3.0.04, which can be exploited to...
Roche Diagnostics Point of Care Handheld Medical Devices (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit --------- Begin Update A Part 1 of 3 -------- Vendor: Roche Diagnostics Equipment: Accu-Chek Inform II, CoaguChek Pro II/XS Plus/XS Pro, cobas h 232 POC handheld medical devices --------- End...
Polycom Command Shell Authorization Bypass
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...
NetGain Enterprise Manager OS Command Injection Vulnerability
NetGain Enterprise Manager EM is a plug-and-play hardware IT infrastructure monitoring and management appliance developed by NetGain Systems. NetGain Enterprise Manager EM before 10.0.57 suffers from an OS command injection vulnerability that can be exploited by a remote authenticated attacker to...
CVE-2018-10587
NetGain Enterprise Manager EM is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution...
Command injection
NetGain Enterprise Manager EM is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution...
Yi Technology Home Camera 27US Firmware Update Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability...
CVE-2018-14558
CVE-2018-14558 affects Tenda AC7/AC9/AC10 routers (firmware: AC7 ≤ V15.03.06.44_CN, AC9 ≤ V15.03.05.19(6318)_CN, AC10 ≤ V15.03.06.23_CN). The flaw arises in the formsetUsbUnload function, which calls dosystemCmd with untrusted input via a crafted goform/setUsbUnload request, leading to arbitrary ...
Command injection
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection...
CVE-2018-12670
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection...
CVE-2018-12670
SV3C L-SERIES HD CAMERA OS Command Injection (CVE-2018-12670) affects firmware V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B. The vulnerability stems from the program failing to properly detect/validate user input, allowing an attacker to execute arbitrary OS commands on the d...