9786 matches found
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation
Summary: LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures. Description: LogicalDOC suffers from multiple...
CVE-2018-1000042
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web reques...
CVE-2018-1000043
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web reques...
Command injection
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in faxdispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher...
Command injection
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appears to be exploitable via Web reques...
CVE-2018-1000019
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in faxdispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher...
CVE-2018-1000019
CVE-2018-1000019 affects OpenEMR 5.0.0 via OS command injection in fax_dispatch.php. An authenticated attacker with any role could exploit this vulnerability. The issue has been fixed in OpenEMR 5.0.0 Patch 2 or higher (per connected advisories and the CVE description). Remediation is to upgrade...
CVE-2018-1000042
CVE-2018-1000042 affects Security Onion Solutions Squert versions 1.3.0 through 1.6.7. The vulnerability is CWE-78 (OS Command Injection) in the .inc/callback.php file, allowing execution of OS commands when a web request with payloads in the data or obj parameters is processed by autocat(). The ...
CVE-2018-1000043
Security Onion Solutions Squert versions 1.0.1–1.6.7 are affected by CVE-2018-1000043, a CWE-78 OS Command Injection in .inc/callback.php. An attacker can exploit this via an HTTP request containing a payload in the txdata parameter (used in tx()/transcript()) or the catdata parameter (used in ca...
CVE-2018-0514
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors...
JVN#15462187: MP Form Mail CGI eCommerce Edition vulnerable to OS command injection
MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability (CWE-78). Impact: A remote attacker may execute an arbitrary OS command. Solution: Update the Software. Update t...
JVN#36048131: Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
"MagicalFinder" provided by I-O DATA DEVICE, INC. is an IP address setting tool for I-O DATA network devices such as routers, network cameras, storage devices, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78). Impact: An attacke...
CVE-2018-6388
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page...
CVE-2018-6388
The CVE-2018-6388 entry concerns iBall iB-WRA150N devices (firmware version 1.2.6, build 110401 Rel.47776n). Affected component is the Diagnostics page’s ping test argument handling, where remote authenticated users can inject shell metacharacters to execute arbitrary OS commands. This is a remot...
Leptonica gplotMakeOutput Command Injection Vulnerability
Summary: An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application...
JVN#10103841: Nootka App for Android vulnerable to OS command injection
Nootka App for Android provided by SeeLook contains an OS command injection vulnerability (CWE-78). Impact: A remote attacker may execute an arbitrary OS command. Solution: Update the Application. Update to the latest version according to the information provided by the developer. Products Affected...