9787 matches found
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request. Recent assessments: cdelafuente-r7 at November 27, 2019 2:59pm UT...
CVE-2018-3856
CVE-2018-3856 affects Samsung SmartThings Hub STH-ETH-250 (firmware 0.20.17). Cisco Talos reports an OS command-injection in the video-core RTSP handling: if the camera-password contains spaces, the hub builds an ffmpeg command with attacker-controlled options, leading to arbitrary code execution...
Command injection
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field...
CVE-2018-15553
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field...
CVE-2018-15553
The CVE-2018-15553 entry concerns Telus Actiontec T2200H/T2200H-31.128L.03 devices where the fileshare.cmd component allows OS command injection via shell metacharacters in the smbdUserid or smbdPasswd fields. Affected product/firmware: Telus Actiontec T2200H with firmware 31.128L.03. Root cause ...
ADM 3.1.2RHG1 - Remote Code Execution
ADM 3.1.2RHG1 - Remote Code Execution Title: Asustor ADM 3.1.2RHG1 - Remote Code Execution Author: Matthew Fulton & Kyle Lovett Date: 2018-07-01 Vendor Homepage: https://www.asustor.com/ Software Link: http://download.asustor.com/download/adm/X64G33.1.2.RHG1.img Version: = ADM 3.1.2RHG1 Tested on...
CVE-2018-15155
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxdispatch.php after modifying the "hylafaxenscript" global variable in interface/super/edit_globals.php...
CVE-2018-15156
OpenEMR prior to 5.0.1.4 is affected by an OS command injection in interface/fax/faxq.php. An authenticated remote attacker can modify the hylafax_server global in interface/super/edit_globals.php and craft a request to execute arbitrary commands. Exploitation details are documented across multip...
OpenEMR < 5.0.1.4 Multiple Vulnerabilities
OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; if(description)...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
active-support ruby gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Crestron TSW-X60 and MC3
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Crestron Equipment: TSW-X60 and MC3 Vulnerabilities: OS Command Injections, Improper Access Control, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...
SoftNAS Cloud OS Command Injection Vulnerability
Exploit for php platform in category web applications SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date published: 2018-07-26...
JVN#37376131: Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage)
ORCA (Online Receipt Computer Advantage) provided by ORCA Management Organization Co., Ltd contains vulnerabilities listed below. OS command injection (CWE-78) - CVE-2018-0643 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L| Base Score: 4.1 CVSS v2|...
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
Command injection
OS command injection in the AP mode settings feature in /cgi-bin/luci/api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data...
CVE-2018-14060
CVE-2018-14060 describes an OS command-injection in the AP mode settings feature of Xiaomi R3D devices (pre-2.26.4) via /cgi-bin/luci/api/misystem/set_router_wifiap, allowing an attacker to execute arbitrary commands through crafted JSON data. The affected component is the router firmware’s AP mo...
CVE-2018-14010
The CVE-2018-14010 issue affects Xiaomi routers (R3P, R3C, R3, R3D) via the guest Wi‑Fi settings feature in /cgi-bin/luci. Affected firmware versions are R3P < 2.14.5, R3C < 2.12.15, R3 < 2.22.15, and R3D
Multiple vulnerabilities in Aterm W300P
Overview: Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631; Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this...