9786 matches found
CVE-2018-1000666
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in method: notifySpaceModification; that can result in Improper validation ...
CVE-2018-1000666
CVE-2018-1000666 affects GIG Technology NV JumpScale Portal 7. The vulnerability is an OS Command Injection (CWE-78) in the notifySpaceModification method, arising from improper neutralization/validation of input parameters, allowing command execution. According to sources, the issue is exploitab...
Opsview Monitor 5.x Command Execution Vulnerability
Exploit for multiple platform in category web applications Opsview Monitor Multiple Vulnerabilities 1. Advisory Information Title: Opsview Monitor Multiple Vulnerabilities Advisory ID: CORE-2018-0008 Advisory URL: http://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities Dat...
Command injection
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection...
CVE-2018-16334
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection...
CVE-2018-16334
CVE-2018-16334 affects Tenda AC9 (V15.03.05.19(6318)_CN) and AC10 (V15.03.06.23_CN). The vulnerability arises when the mac parameter in a POST request is directly used in a doSystemCmd call, causing an OS command injection. Impact is indicated as high with network attack vector, requiring low pri...
CVE-2018-15477
myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device...
Design/Logic Flaw
myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device...
CVE-2018-15477
The CVE set concerns myStrom WiFi Switch family with multiple issues in 2018. CVE-2018-15477 (and related CVEs 15476–15480) describe: a command-injection and OS-command execution risk in MyStrom devices where an unsanitized cloud parameter could be used to run commands on the device; affected: my...
Idera Up.time Monitoring Station Arbitrary File Upload Vulnerability
Idera Up.time Monitoring Station is a cross-platform server monitoring software from Idera. The software provides the server performance, availability and other indicators to collect, summarize and generate reports and other functions. An arbitrary file upload vulnerability exists in the...
Design/Logic Flaw
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 build 16 and 7.4.0 build 13. It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands...
CVE-2015-9263
The CVE-2015-9263 entry concerns Idera Up.Time Monitoring Station (versions up to 7.5.0 build 16 and 7.4.0 build 13) where the post2file.php upload mechanism allows uploading arbitrary files (e.g., PHP) to the webroot. The underlying issue is an unauthenticated arbitrary file upload that can lead...
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
WordPress Plugin Plainview Activity Monitor 20161228 - Authenticated Command Injection. WordPress Plainview Activity Monitor RCE + Version: 20161228 and possibly prior + Description: Combine OS Commanding and CSRF to get reverse shell + Author: Lydéric LEFEBVRE + CVE-ID: CVE-2018-15877 +...
Command injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request...
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request...
CVE-2018-15877
WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection via the ip parameter in the activities_overview.php flow (and via the wp-admin/admin.php?action path noted in sources). Root cause: unsafe handling of user-supplied data leading to remote command execution. Affected...
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request. Recent assessments: cdelafuente-r7 at November 27, 2019 2:59pm UT...