13 matches found

Prion
added 2023/04/24 6:15 p.m., 21 views

Command injection

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series...

6.5 CVSS | 8.8 AI score | 0.02277 EPSS
Exploits 0 | References 1 | Affected Software 19

Prion
added 2023/01/06 5:15 p.m., 11 views

Authentication flaw

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

6.5 CVSS | 8.9 AI score | 0.82155 EPSS
Exploits 5 | References 5 | Affected Software 1

Prion
added 2020/03/25 2:15 p.m., 17 views

Design/Logic Flaw

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...

10 CVSS | 9.7 AI score | 0.00593 EPSS
Exploits 0 | References 2 | Affected Software 1

Hacker One
added 2020/03/04 2:20 p.m., 173 views

MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-3506]

Summary Hello. I was able to identify RCE vulnerability due to the outdated Oracle Weblogic instance on https://raebilling.mtn.co.za. Steps To Reproduce To reproduce, try this request with BurpSuite This request to the https://raebilling.mtn.co.za/wls-wsat/RegistrationRequesterPortType will trigg...

5.8 CVSS | 1.1 AI score | 0.94412 EPSS
Exploits 9

Hacker One
added 2020/03/04 1:45 p.m., 79 views

MTN Group: Remote OS Command Execution on Oracle Weblogic server via [CVE-2017-10271]

Summary Hello. I was able to identify RCE vulnerability due to the outdated Oracle Weblogic instance on https://raebilling.mtn.co.za. Steps To Reproduce To reproduce, launch this request with BurpSuite This request to the https://raebilling.mtn.co.za/wls-wsat/CoordinatorPortType will trigger slee...

5 CVSS | 1.2 AI score | 0.94439 EPSS
Exploits 45

CVE
added 2019/01/02 6:0 p.m., 188 views

CVE-2018-20114

CVE-2018-20114 affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03. It is tied to an OS command injection in the cgibin soap.cgi service, exploitable via the service parameter containing an ? substring, reflecting an incomplete fix for CVE-2018-6530. Connected documents corrobora...

10 CVSS | 9.7 AI score | 0.06732 EPSS
In wild | Exploits 1 | References 1 | Affected Software 1

ATTACKERKB
added 2019/01/02 12:0 a.m., 132 views

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an “&&” substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530. Recent...

10 CVSS | 9.8 AI score | 0.94207 EPSS
In wild | Exploits 2 | References 2

CVE
added 2017/12/24 4:0 p.m., 69 views

CVE-2017-17888

The CVE-2017-17888 entry concerns Anti-Web (up to version 3.8.7) used in multiple industrial/OT devices (NetBiter/HMS, Ouman EH-net, Alliance WS100 → AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, ASCON DY WebServer). Vulnerability: remote authe...

9 CVSS | 9 AI score | 0.01716 EPSS
Exploits 2 | References 3 | Affected Software 1

Prion
added 2016/06/04 1:59 a.m., 10 views

Input validation

Cisco Prime Network Analysis Module NAM before 6.11 patch.6.1-2-final and 6.2.x before 6.22 and Prime Virtual Network Analysis Module vNAM before 6.11 patch.6.1-2-final and 6.2.x before 6.22 allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID...

6.5 CVSS | 7.7 AI score | 0.00592 EPSS
Exploits 0 | References 2 | Affected Software 2

OpenVAS
added 2015/11/16 12:0 a.m., 33 views

Symantec Endpoint Protection Multiple Vulnerabilities (Nov 2015)

Symantec Endpoint Protection is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.5 CVSS | 6.5 AI score | 0.01703 EPSS
Exploits 1 | References 5

exploitpack
added 2015/03/13 12:0 a.m., 36 views

ArcSight Logger - Arbitrary File Upload Code Execution

ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...

9 CVSS | 0.2 AI score | 0.23191 EPSS
Exploits 2

Exploit DB
added 2015/03/13 12:0 a.m., 49 views

ArcSight Logger - Arbitrary File Upload / Code Execution

Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link: http://www8.hp.com/us/en/software-solutions/arcsight-logger-log-management/try-now.html Version: ArcSight Logger 5.3.1.6838.0 and...

9 CVSS | 6.6 AI score | 0.23191 EPSS
Exploits 2

Positive Technologies
added 2013/02/05 12:0 a.m., 6 views

PT-2013-08: Remote OS Command Execution in Oracle Siebel CRM

The specialists of the Positive Research center have detected a Remote OS Command Execution vulnerability in Oracle Siebel CRM. An attacker is able to execute arbitrary commands on the target system with current user's privileges and also access its file system using eScript embedded tools. How t...

5.8 CVSS | 7.5 AI score | 0.00311 EPSS
Exploits 0 | References 4