9787 matches found
CVE-2018-6211
On D-Link DIR-620 devices with a certain ISP-customized variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...
CVE-2018-6211
CVE-2018-6211 affects D-Link DIR-620 routers (firmware variants 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, 2.0.22). Root cause: OS command injection due to incorrect processing of the res_buf parameter in index.cgi. Impact: remote attacker could execute OS commands on the device. Public advisorie...
CVE-2018-12591
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...
Nikto CSV Injection Remote Code Execution (CVE-2018-11652)
A CSV Injection Vulnerability exists in Nikto 2.1.6. A successful attacker could inject an arbitrary OS command directly into a CSV report. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Security Bulletin: OS Command Injection vulnerability affects IBM Security Guardium (CVE-2017-1253)
Summary: IBM Security Guardium could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2017-1253. DESCRIPTION: IBM Security Guardium could allow a remote authenticated attacker to...
Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to OS command injection (CVE-2016-9726, CVE-2016-9727)
Summary: IBM QRadar SIEM and Incident Forensics may pass unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. This could allow attackers to execute arbitrary commands on the system. IBM has addressed this issue. Vulnerability Details: CVEID: CVE-2016-9726. DESCRIPTION: IBM...
Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by OS Command Injection (CVE-2016-6065)
Summary: IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. IBM Security Guardium Database Activity Monitor fixed this vulnerability. Vulnerability Details: CVEID: CVE-2016-6065. DESCRIPTION: IBM Security Guardium...
Security Bulletin: IBM QRadar SIEM is vulnerable to OS command injection. (CVE-2016-2875)
Summary: It is possible to inject a payload with OS commands in QRadar, which are run as root on the host OS. Vulnerability Details: CVE-ID: CVE-2016-2875. Description: IBM QRadar could allow an authenticated user to inject operating system commands that would be executed with root privileges. CVSS...
Security Bulletin: IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion (CVE-2013-6719 and CVE-2013-6720)
Summary: IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion. These vulnerabilities may be exploited to compromise the host system. Vulnerability Details: Two areas of vulnerability are found in the IBM Tealeaf CX Passive...
Command injection
OS Command Injection vulnerability in McAfee ePolicy Orchestrator ePO 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output...
CVE-2017-3936
CVE-2017-3936 affects McAfee ePolicy Orchestrator (ePO) versions 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0. The vulnerability is an OS command injection caused by not sanitizing user input before exporting it into a CSV output, enabling an attacker to run arbitrary OS commands with limi...
CVE-2017-3936 McAfee ePolicy Orchestrator (ePO) - OS Command Injection vulnerability
OS Command Injection vulnerability in McAfee ePolicy Orchestrator ePO 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output...
Quest DR Series Disk Backup Software 4.0.3 Code Execution
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest DR Series Disk Backup Multiple Vulnerabilities 1. Advisory Information Title: Quest DR Series Disk Backup Multiple Vulnerabilities Advisory ID: CORE-2018-0002 Advisory URL:...
Cambium ePMP 1000 (up to v2.5) Arbitrary Command Execution
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 Authors Karn Ganeshen...
DLink #DSL2750B OS Command Injection Exploit
This Metasploit module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03. This module requires Metasploit:...
D-Link DSL-2750B - OS Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DSL-2750B OS Command Injection', 'Description' = %q This module exploits a remote command injection vulnerability in D-Link DSL-2750B...
Open-Xchange: command Injection in rawlog binary
Quick Overview I have found a Command Injection vulnerability in the code where a method calls an OS Shell command using an untrusted string to execute. Introduction Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable...
Command injection
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion...
CVE-2018-4923
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion...
CVE-2018-4924
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...