9786 matches found
CVE-2018-4924
CVE-2018-4924 affects Adobe Dreamweaver CC versions 18.0 and earlier. An OS command injection in the Dreamweaver URI handler could allow arbitrary code execution in the context of the current user. The issue is documented across multiple sources (NVD and Adobe APSB18-07). Remediation is available...
CVE-2018-4923
CVE-2018-4923 affects Adobe Connect versions 9.7 and earlier. The vulnerability is an OS command injection in the Adobe Connect URI handler, enabling exploitation that could lead to arbitrary file deletion. Published references confirm this issue and connect it with APSB18-06 updates, which addre...
Exploit for OS Command Injection in Dasannetworks Gpon_Router_Firmware
GPON-LOADER Exploit loader for Remote...
CVE-2018-10730
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection...
CVE-2018-10730
CVE-2018-10730 affects Phoenix Contact FL SWITCH 3xxx/4xxx/48xx series running firmware 1.0–1.33. The vulnerability is a command injection in the OS shell triggered when transferring configuration files or upgrading firmware. Risk is high (CVSS v3 base 9.1) with remote exploitation possible accor...
Node.js third-party modules: Insecure implementation of deserialization in cryo
I would like to report code injection in serialization package cryo. It allows executing arbitrary code using a custom prototype. Module module name: cryo version: 0.0.6 npm page: https://www.npmjs.com/package/cryo Module Description JSON on steroids. Built for node.js and browsers. Cryo is inspired b...
EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection
Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint for VMs 4.3, RecoverPoint 4.4.SP1.P1 CVE: CVE-2018-11...
CVE-2018-1239
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unit...
Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable Remotely / Low skill level to exploit / Public exploits are available Vendors: Silex Technology, GE Healthcare Equipment: SX-500, SD-320AN, MobileLink Vulnerabilities: Improper Authentication, OS Command Injection 2. UPDATE INFORMATION...
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection...
Command injection
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection...
CVE-2018-8735
CVE-2018-8735 is an OS command injection vulnerability in Nagios XI 5.2.x through 5.4.x that allows remote command execution. Public details describe an attacker able to run arbitrary commands on the target system, with affected versions prior to 5.4.13. Connected documents document an associated...
Moxa EDR-810 Web Server ping Command Injection Vulnerability (CVE-2017-12120)
Summary: An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...
Moxa EDR-810 Web Server OpenVPN Config Multiple Command Injection Vulnerabilities (CVE-2017-14432 - CVE-2017-14434)
Summary: An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into various parameters in the...
Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability (CVE-2017-12121)
Summary: An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...
Moxa EDR-810 Web RSA Key Generation Command Injection Vulnerability
Summary: An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakeyname= parm in the...
CVE-2017-14459
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several...
CVE-2017-14459
CVE-2017-14459 affects the Moxa AWK-3131A industrial Wi‑Fi AP/bridge/client. The vulnerability is an OS command injection via the username parameter in Telnet, SSH and the local console login, allowing remote, unauthenticated, root‑level command execution. Root cause is tied to BusyBox loginutils...