3860 matches found
CVE-2016-20017
CVE-2016-20017 affects D-Link DSL-2750B devices prior to firmware version 1.05. The vulnerability allows remote unauthenticated command injection via the login.cgi cli parameter, enabling total compromise of affected routers as described in multiple sources. Exploitation was observed in the wild ...
PT-2022-5275 · D Link · D-Link Dir-878
Name of the Vulnerable Software and Affected Versions: D-Link DIR878 version 1.30B08 Hotfix 04 Description: The issue is related to a command injection vulnerability via the component /bin/proc.cgi. This vulnerability may allow a remote attacker to execute arbitrary code. The /bin/proc.cgi...
MiniDVBLinux 5.4 Remote Root Command Injection Exploit
!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...
CVE-2022-3492
A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely...
CVE-2022-3492
A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely...
CVE-2022-3492
CVE-2022-3492 concerns SourceCodester Human Resource Management System 1.0, specifically the Profile Photo Handler component. The core issue is the manipulation of an argument parameter that enables an OS command injection, with a remote attack surface. Several connected sources reiterate the vul...
Apache Spark < 3.0.3 / 3.1.1 < 3.1.2 Remote Command Injection
Apache Spark UI versions 3.0.3, 3.1.1 3.1.2 with ACL's on the server instance perform insufficient sanitization of parameters subsequently used in a permissions check, which may allow an attacker to inject arbitrary shell commands with the permissions of the Spark user. No source data...
The vulnerability in the web interface of the commutable managed distribution power supply PDU (iBoot-PDU), which allows a hacker to inject operating system commands.
The vulnerability of the iBoot-PDU web interface of a commutable managed distribution power block is related to the possibility of commands being injected. Exploiting this vulnerability could allow an attacker to inject operating system commands remotely...
TOTOLINK A720R 操作系统命令注入漏洞
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a code execution vulnerability that stems from the over setdiagnosicfg function found to contain a...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
Command injection
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
PT-2022-23777 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 Description: The issue allows for Remote Command Injection, which can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
CVE-2022-37061
CVE-2022-37061 – FLIR AX8 RCE vulnerability (up to firmware 1.46.16) : The issue is an unauthenticated remote command injection via the POST parameter id to res.php, allowing an attacker to execute arbitrary shell commands as root. Public reports indicate exploitation in the wild (e.g., Metasploi...
AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit
-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...