Command injection
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell...
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell...
CVE-2017-14500
Removed by vendor...
Design/Logic Flaw
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-10813
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-10813
CVE-2017-10813 affects Corega CG-WLR300NM firmware 1.90 and earlier. The vulnerability is an OS command injection (CWE-78) that can be exploited via an attack vector available to users who can access the device’s administrative console, allowing arbitrary OS commands to be e...
Foscam IP Video Camera CGIProxy.fcgi Account Password Command Injection Vulnerability (CVE-2017-2828)
Summary: An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resultin...
Foscam IP Video Camera CGIProxy.fcgi DNS2 Address Configuration Command Injection Vulnerability (CVE-2017-2848)
Summary: An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
JVN#00719891: Multiple vulnerabilities in CG-WLR300NM
CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2017-10813

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8
CVSS v2 | ...
CVE-2017-14135
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI...
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
CVE-2017-12904
Newsbeuter is affected by CVE-2017-12904 in the bookmarking function (versions 0.7–2.9). A remote attacker could cause user‑assisted code execution by crafting an RSS item containing shell code in the title/URL. Remediation across advisories involves upgrading Newsbeuter to a newer release (e.g.,...
CVE-2017-12904
Removed by vendor...
JVN#87410770: Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD
Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2017-10832

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8
CVSS v2 | ...
Design/Logic Flaw
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-10811
The CVE-2017-10811 entry affects Buffalo WCR-1166DS devices. Firmware versions 1.30 and earlier are vulnerable to an OS command injection (CWE-78) when an attacker with access to the device’s administrative console can trigger arbitrary OS commands. Root cause is an OS command injection flaw. Imp...
Malicious Git HTTP Server For CVE-2017-1000117
This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git...
JVN#05340005: WCR-1166DS vulnerable to OS command injection
WCR-1166DS provided by BUFFALO INC. is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability (CWE-78). Impact: A user who can access the administrative console of the device may execute an arbitrary OS command. Solution: Update the Firmware. Apply the firmware update accordin...
Design/Logic Flaw
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template...