9786 matches found
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077. Recent assessments: Assessed Attacker...
Cambium Networks ePMP 1000 Multiple Vulnerabilities
Cambium Networks ePMP1000 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cambium ePMP 1000 'ping' Password Hash Extractor (up to v2.5)
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 Authors Karn Ganeshen This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Password Hash...
JVN#46830433: Multiple I-O DATA network camera products multiple vulnerabilities
Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. HTTP header injection CWE-113 - CVE-2017-2111 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7 CVSS v2|...
CVE-2017-6077
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request...
CVE-2017-6077
CVE-2017-6077 affects NETGEAR DGN2200 routers (firmware up to 10.0.0.50). The vulnerability is a remote code execution via ping.cgi: an authenticated attacker can inject shell metacharacters in the ping_IPAddr field of an HTTP POST, enabling arbitrary OS command execution. The issue is tied to th...
CVE-2017-6077
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the pingIPAddr field of an HTTP POST request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attack...
Design/Logic Flaw
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series...
CVE-2016-8363
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series...
CVE-2016-8363
CVE-2016-8363 affects Moxa OnCell gateways (OnCellG3470A-LTE, AWK-1131A/3131A/4131A, AWK-3191, AWK-5232/6232, AWK-1121/1127, WAC-1001 V2, WAC-2004, AWK-3121-M12-RTG, AWK-3131-M12-RCC, AWK-5232-M12-RCC, TAP-6226, AWK-3121/4121, AWK-3131/4131, AWK-5222/6222). The root cause is an improper auth/perm...
Command injection
An issue was discovered in Radisys MRF Web Panel SWMS 9.0.1. The MSMMACRONAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character | to inject arbitrary OS commands and retrieve the output in the application's...
CVE-2016-10043
An issue was discovered in Radisys MRF Web Panel SWMS 9.0.1. The MSMMACRONAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character | to inject arbitrary OS commands and retrieve the output in the application's...
CVE-2016-10043
An issue was discovered in Radisys MRF Web Panel SWMS 9.0.1. The MSMMACRONAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character | to inject arbitrary OS commands and retrieve the output in the application's...
CVE-2016-10043
Radisys MRF Web Panel (SWMS) 9.0.1 is vulnerable to OS command injection via the MSM_MACRO_NAME POST parameter in /swms/ms.cgi. An attacker can use the pipe character (|) to inject arbitrary commands and retrieve output from responses, enabling possible unauthorized command execution, with risks ...
Radisys MRF - Command Injection
Radisys MRF - Command Injection Title: MRF Web Panel OS Command Injection Vendor: Radisys Vendor Homepage: http://www.radisys.com Product: MRF Web Panel SWMS Version: 9.0.1 CVE: CVE-2016-10043 CWE: CWE-78 Risk Level: High Discovery: Filippos Mastrogiannis, Loukas Alkis & Dimitrios Maragkos COSMOT...
Radisys MRF - Command Injection Vulnerability
Exploit for cgi platform in category web applications Title: MRF Web Panel OS Command Injection Vendor: Radisys Vendor Homepage: http://www.radisys.com Product: MRF Web Panel SWMS Version: 9.0.1 CVE: CVE-2016-10043 CWE: CWE-78 Risk Level: High Discovery: Filippos Mastrogiannis, Loukas Alkis &...
Radisys MRF - Command Injection
Title: MRF Web Panel OS Command Injection Vendor: Radisys Vendor Homepage: http://www.radisys.com Product: MRF Web Panel SWMS Version: 9.0.1 CVE: CVE-2016-10043 CWE: CWE-78 Risk Level: High Discovery: Filippos Mastrogiannis, Loukas Alkis & Dimitrios Maragkos COSMOTE OTE Group Information & Networ...
smalruby-editor vulnerable to OS command injection
Overview smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#50197114: smalruby-editor vulnerable to OS command injection
smalruby-editor provided by Ruby Programming Shounendan is web-based editor to create Ruby programs. smalruby-editor containts an OS command injection vulnerability CWE-78. Impact A remote attacker may execute arbitrary OS command on the server where smalruby-editor resides. Solution Update the...
Exploit for OS Command Injection in Gnu Bash
ActiveScan++ ================== ActiveScan++ extends Burp Suite...