
3860 matches found

Tenable Nessus
added 2021/06/30 12:0 a.m. | 216 views

IBM Spectrum Protect Plus OpenSSH Remote Command Injection

The IBM Spectrum Protect Plus running on the remote host is affected by a remote command injection vulnerability due to improper input validation in the remote function in scp.c. An unauthenticated, remote attacker can exploit this, by using backtick characters in the destination argument, to...

CVSS 7.8 | AI score 7.9 | EPSS 0.12996
Exploits: 6 | References: 2

CNVD
added 2021/06/11 12:0 a.m. | 5 views

YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-47391)

Yzmcms is an open source CMS Content Management System for Yzmcms individual developers. A cross-site scripting vulnerability exists in yzmcms v5.2, which can be exploited by a remote attacker to inject commands into the "referer" field of a POST request to the component "member index login.html"...

CVSS 6.1 | AI score 7 | EPSS 0.01315
Exploits: 1 | References: 1

OSV
added 2021/05/27 12:15 p.m. | 0 views

CVE-2021-22899

A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature...

CVSS 8.8 | AI score 7.8 | EPSS 0.22343
Exploits: 0 | References: 2

Packet Storm
added 2021/05/27 12:0 a.m. | 255 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account

KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account Title: CommScope Ruckus IoT Controller Undocumented Account Advisory ID: KL-001-2021-007 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-007.txt 1. Vulnerability Details...

CVSS 7.5 | AI score 0.4 | EPSS 0.13773
Exploits: 5

0day.today
added 2021/05/27 12:0 a.m. | 95 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account Vulnerability

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy SCP. 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798:...

CVSS 9.8 | AI score 0.5 | EPSS 0.13773
Exploits: 5

KoreLogic Security
added 2021/05/26 12:0 a.m. | 34 views

CommScope Ruckus IoT Controller Undocumented Account

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-912: Hidden Functionality CVE ID: CVE-2021-33216 2. Vulnerability Description An upgrade...

CVSS 9.8 | AI score 0.7 | EPSS 0.13773
Exploits: 4 | Affected Software: 1

Packet Storm
added 2021/05/24 12:0 a.m. | 857 views

PHP 8.1.0-dev Backdoor Remote Command Injection

Exploit Title: PHP 8.1.0-dev backdoor | Remote Command Injection Unauthenticated Date: 23/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Linux Ubuntu 20.04.2...

Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 34 views

PHP 8.1.0-dev Backdoor Remote Command Injection Exploit

Exploit Title: PHP 8.1.0-dev backdoor | Remote Command Injection Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Linux Ubuntu 20.04.2 LTS...

AI score 0.1
Exploits: 0

OSV
added 2021/05/22 7:15 a.m. | 3 views

CVE-2021-1550

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper...

CVSS 7.2 | AI score 7.4 | EPSS 0.0166
Exploits: 0 | References: 1

CNNVD
added 2021/05/11 12:0 a.m. | 2 views

Zzzcms OS Command Injection Vulnerability

ZZZCMS zzzphp is a content management system CMS. A security vulnerability exists in Zzzcms prior to version 2.0.4. The vulnerability stems from the failure of a network system or product to properly filter special characters, commands, etc. during the execution of user input construction command...

CVSS 9.8 | AI score 6.2 | EPSS 0.03794
Exploits: 3 | References: 2

Prion
added 2021/04/29 3:15 p.m. | 26 views

Command injection

Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

CVSS 9 | AI score 9.1 | EPSS 0.05212
Exploits: 1 | References: 1 | Affected Software: 6

Cvelist
added 2021/04/29 2:4 p.m. | 34 views

CVE-2020-21992

Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

AI score 9.2 | EPSS 0.05212
Exploits: 1 | References: 1

CNVD
added 2021/04/26 12:0 a.m. | 7 views

Akuvox C315 Remote Command Injection Vulnerability

The Akuvox C315 is a 7-inch Android indoor monitor. A remote command injection vulnerability exists in the cfgdserver service in Akuvox C315 version 115.116.2613. An attacker can exploit this vulnerability by sending a payload to port 189 to inject and execute commands...

CVSS 9.8 | AI score 7.4 | EPSS 0.01773
Exploits: 0 | References: 1

OSV
added 2021/04/25 7:15 p.m. | 3 views

CVE-2021-31726

Akuvox C315 115.116.2613 allows remote command Injection via the cfgdserver service. The attack vector is sending a payload to port 189 default root 0.0.0.0...

CVSS 9.8 | AI score 7.3 | EPSS 0.01773
Exploits: 0 | References: 2

NVD
added 2021/04/25 7:15 p.m. | 8 views

CVE-2021-31726

Akuvox C315 115.116.2613 allows remote command Injection via the cfgdserver service. The attack vector is sending a payload to port 189 default root 0.0.0.0...

CVSS 9.8 | EPSS 0.01773
Exploits: 0 | References: 2

Prion
added 2021/04/25 7:15 p.m. | 8 views

Command injection

Akuvox C315 115.116.2613 allows remote command Injection via the cfgdserver service. The attack vector is sending a payload to port 189 default root 0.0.0.0...

CVSS 7.5 | AI score 9.7 | EPSS 0.01773
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/04/25 6:16 p.m. | 45 views

CVE-2021-31726

CVE-2021-31726 affects Akuvox C315 (7-inch Android indoor monitor). The cfgd_server service is vulnerable to remote command injection when a payload is sent to port 189 on 0.0.0.0, enabling arbitrary command execution. NVD cites CVSS v3.1 base score 9.8 (CRITICAL) with network access and no authe...

CVSS 9.8 | AI score 9.6 | EPSS 0.01773
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/04/25 6:16 p.m. | 12 views

CVE-2021-31726

Akuvox C315 115.116.2613 allows remote command Injection via the cfgdserver service. The attack vector is sending a payload to port 189 default root 0.0.0.0...

AI score 9.9 | EPSS 0.01773
Exploits: 0 | References: 2

OSV
added 2021/04/14 4:15 p.m. | 3 views

CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

CVSS 9.8 | AI score 7.5 | EPSS 0.0761
Exploits: 1 | References: 2

CNNVD
added 2021/04/09 12:0 a.m. | 2 views

NEC Aterm WF1200C OS Command Injection Vulnerability

The NEC Aterm WF1200C is a wireless router from Nippon Electric NEC. A security vulnerability exists in Aterm WF1200CR: version 1.3.2, version 1.3.3, and version 1.5.1, which allows remote users to execute arbitrary shell commands on the target system...

CVSS 9 | AI score 7.9 | EPSS 0.01217
Exploits: 0 | References: 4