CVE-2018-0556
CVE-2018-0556 affects Buffalo WZR-1750DHP2 firmware versions 2.30 and earlier. The vulnerability is an OS Command Injection (CWE-78) in the device’s firmware that allows an attacker with network access to execute arbitrary commands on the router. Root cause involves inadequate input handling enab...
McAfee ePolicy Orchestrator OS Command Injection Vulnerability
McAfee ePolicy Orchestrator (ePO) is a suite of scalable security management software from McAfee. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. An operating system injection vulnerability exists in McAfee ePolicy...
Command injection
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before...
CVE-2018-9285
CVE-2018-9285 describes an OS command injection in Main_Analysis_Content.asp via /apply.cgi on ASUS routers (RT-AC66U/RT-AC68U/RT-AC86U/RT-AC88U/RT-AC1900/RT-AC2900/RT-AC3100; RT-N18U; RT-AC87U/RT-AC3200; RT-AC5300). The vulnerability affects firmware before versions 3.0.0.4.384_10007, 3.0.0.4.382...
Moxa AWK-3131A Multiple Features Login Username Parameter OS Command Injection Vulnerability
Summary: An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of...
JVN#72589538: LXR vulnerable to OS command injection
LXR provided by LXR Project contains an OS command injection vulnerability (CWE-78). Impact: On a server where the product is running, a remote attacker may execute an arbitrary OS command. Solution: Update the software. Update to the latest version according to the information provided by the...
JVN#93397125: Multiple vulnerabilities in WZR-1750DHP2
WZR-1750DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0554 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
ClipBucket beats_uploader Unauthenticated Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ClipBucket beatsuploader Unauthenticated Arbitrary File Upload", 'Description' = %q This module exploits a vulnerability found in ClipBucket...
D-Link DIR Routers OS Command Injection Vulnerability (Mar 2018)
D-Link Routers DIR-860L, DIR-865L, DIR-868L and DIR-880L are prone to an OS command injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Adobe Connect Multiple Vulnerabilities (APSB18-06)
Adobe Connect is prone to multiple vulnerabilities. CPE = "cpe:/a:adobe:connect"; ifdescription...
Adobe Dreamweaver 18.0 < 18.1 Arbitrary Code Execution (APSB18-07)
The version of Adobe Dreamweaver installed on the remote Windows host is prior to 18.1. It is, therefore, affected by a vulnerability as referenced in the APSB18-07 advisory. - Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could...
JVN#22536871: QQQ SYSTEMS vulnerable to arbitrary command injection
QQQ SYSTEMS provided by Gundam Cult QQQ is a Perl CGI script to create quiz pages. QQQ SYSTEMS contains an OS command injection vulnerability (CWE-78). Impact: An attacker may execute an arbitrary OS command with the web server's execution privilege. Solution: Consider stopping use of QQQ SYSTEMS 2.24 Sinc...
APSB18-06 Security update available for Adobe Connect
Adobe has released a security update for Adobe Connect. This update resolves an unrestricted SWF file upload vulnerability CVE-2018-4921, which could be exploited to conduct cross-site scripting attacks. This update also resolves an OS command injection vulnerability in the Adobe Connect URI...
CVE-2018-0523
CVE-2018-0523 affects Buffalo WXR-1900DHP2 firmware 2.48 and earlier. The OS Command Injection vulnerability (CWE-78) can allow an attacker on a device-connected network to execute arbitrary OS commands via unspecified vectors. Public sources (JVN/NVD) list this CVE with associated CVSS metrics (...
CVE-2017-7640
CVE-2017-7640 affects the QNAP NAS Media Streaming add-on for the firmware versions 421.1.0.2, 430.1.2.0, and earlier. The vulnerability allows remote attackers to execute arbitrary operating system commands with root privileges on the affected NAS devices. The connected documents confirm the aff...
CVE-2018-6530
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...
CVE-2018-6530
The CVE-2018-6530 entry describes an OS command injection in the D‑Link DIR series through soap.cgi (soapcgi_main in cgibin), allowing remote execution of arbitrary OS commands via the service parameter. Affected devices include DIR-880L (REVA firmware patches 1.08B04 and earlier), DIR-868L (DIR8...
CVE-2018-7664
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the filename parameter to /api/fileuploader.php or /actions/filedownloader.php...