3914 matches found
Hongdian H8922 3.0.5 - Remote Command Injection
Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address a/k/a Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive informatio...
Yachtcontrol Webapplication 1.0 - Remote Command Injection
Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...
Pandora FMS 7.0NG - Remote Command Injection
Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...
RaspAP <=2.6.5 - Remote Command Injection
RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";". id: CVE-2021-33357 info: name: RaspAP =2.6.5 - Remote Command Injection...
EUVD-2026-43314
A security flaw has been discovered in Shibby Tomato up to 1.28.0000. Affected by this issue is the function sub2D568 of the component startjffs2. Performing a manipulation of the argument jffs2exec results in os command injection. Remote exploitation of the attack is possible. The exploit has be...
CVE-2026-15547
A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...
CVE-2026-15547 Shibby Tomato CIFS Mount sub_2D048 os command injection
A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...
CVE-2026-15547
Shibby Tomato (up to 1.28.0000) contains a vulnerability in the CIFS Mount Handler sub_2D048 that allows remote OS command injection by manipulating the cifs1/cifs2 arguments. A public exploit exists; impact is described with network access and low privileges. The project is superseded by FreshTo...
CVE-2026-15546
The CVE-2026-15546 entry describes a remote OS command injection in Shibby Tomato up to 1.28.0000. Affected component: start_jffs2, function sub_2D568. Exploitation involves manipulating the argument jffs2_exec; exploit is public and may be used for attacks. CVSS data indicate network access with...
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead ...
YeaLink DM 3.6.0.20 - Remote Command Injection
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...
D-Link Routers - Remote Command Injection
D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...
Altenergy Power Control Software C1.2.5 - Remote Command Injection
Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/settimezone parameter, because of settimezone in models/managementmodel.php. An attacker can potentially obtain sensitive information, modify data, and/or execut...
Jenkins - Remote Command Injection
Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...
EUVD-2026-43254
A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlinkucisetvalue of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lanip results in os command injection. The attack can be initiated remotely. The exploit has been released to the...
CVE-2026-15513 Wavlink WL-NU516U1 adm.cgi wlink_uci_set_value os command injection
A security flaw has been discovered in Wavlink WL-NU516U1 260515. This affects the function wlinkucisetvalue of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument lanip results in os command injection. The attack can be initiated remotely. The exploit has been released to the...