9787 matches found
CVE-2018-12670
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection...
CVE-2018-3953
Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input...
Command injection
Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input...
Command injection
Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input fiel...
CVE-2018-3954
CVE-2018-3954 affects Linksys E-Series routers (E1200 with firmware 2.0.09 and E2500 with firmware 3.0.04). The vulnerability arises from OS command injection via data stored in NVRAM and referenced from the Router Name input, processed through apply.cgi into the machine_name parameter. The prein...
CVE-2018-3953
CVE-2018-3953/3954/3955 affect Linksys E-Series (E1200 v2.0.09; E2500 v3.0.04). Root cause: OS command injection via nvram_get/nvram_set path triggered after data from the web portal’s Router Name, written to NVRAM and then executed in preinit/start_lltd, affecting hostname and related domain na...
Linksys ESeries multiple OS command injection vulnerabilities
Summary Multiple exploitable operating system command injections exist in the Linksys ESeries line of routers. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an...
CVE-2018-17532
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...
JVN#95355683: Multiple vulnerabilities in FileZen
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or a web interface. FileZen contains multiple vulnerabilities listed below. Directory traversal CWE-22 - CVE-2018-0693 Version| Vector| Score ---|---|--- CVSS v3|...
Teltonika RUT9XX Unauthenticated OS Command Injection
Teltonika RUT9XX Unauthenticated OS Command Injection Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01TeltonikaOSCommandInjection Vulnerability Overview Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command...
Teltonika RUT9XX Unauthenticated OS Command Injection Exploit
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...
Security Bulletin: IBM QRadar SIEM is vulnerable to OS Command Injection (CVE-2018-1571) (Updated 9/12/2018)
Summary User-supplied data may be passed to a system shell. Attackers could execute arbitrary commands on the system. Vulnerability Details CVEID: CVE-2018-1571 Description: IBM QRadar could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a...
GHSA-CFHG-9X44-78H2 ps Enables OS Command Injection
Versions of ps before 1.0.0 are vulnerable to command injection. Proof of concept: js var ps = require'ps'; ps.lookup pid: "$touch success.txt" , functionerr, proc // this method is vulnerable to command injection if err throw err; if proc console.logproc; // Process name, something like "node" o...
IBM: Reflected XSS and Blind out of band command injection at subdomain dstuid-ww.dst.ibm.com
I found an XSS and Blind OS based injection issue due to the incorrect handling of the characters in THE EMAIL get & post parameters. A injected and a sleep command successfully executed, the following link works as a PoC that alerts the string in the script: I reproduced the same on Firefox and IE...
CVE-2018-0643
Ubuntu14.04 ORCA Online Receipt Computer Advantage 4.8.0 panda-server 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors...
CVE-2018-0661
Multiple I-O DATA network camera products TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result ...
CVE-2018-1000666
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in method: notifySpaceModification; that can result in Improper validation ...