3860 matches found
NEC Aterm WG2600HS Operating System Command Injection Vulnerability
The NEC Aterm WG2600HS is a wireless router from Nippon Electric (NEC). Aterm WG2600HS version 1.5.1 contains a security vulnerability that could allow a remote attacker to execute arbitrary shell commands on the target system...
CVE-2021-26679
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...
CVE-2020-2507
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3...
CVE-2020-35851
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch command injection attacks remotely and execute arbitrary commands on the system...
CVE-2020-35851
HGiga MailSherlock is affected by CVE-2020-35851: a vulnerability where the product does not validate specific parameters properly, enabling remote command injection and arbitrary command execution. The issue is documented across multiple sources (e.g., CNVD-2021-06950, NVD, CVE lists) and is des...
CVE-2020-24634
An attacker is able to remotely inject arbitrary commands by sending specially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port 8211 of access points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility...
WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three securi...
ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
CVE-2020-2490
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907...
CVE-2020-23639
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers...
PT-2020-8658 · Qnap Systems · Music Station
Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. Music Station versions prior to 5.1.13; QNAP Systems Inc. Music Station versions prior to 5.2.9; QNAP Systems Inc. Music Station versions prior to 5.3.11. Description: This issue is a command injection vulnerability that could...
CVE-2020-27976
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...
Nagios XI 5.7.3 Remote Command Injection
Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...
Vulnerabilities fixed in QNAP QTS
QNAP has fixed vulnerabilities in the QTS operating system. The vulnerabilities allow a remote malicious person to inject arbitrary commands. It is good practice to have the user interface for a system like QTS exposed on a separate administrator network. QNAP has released updates to fix...
Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)
Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
CVE-2020-26878
CVE-2020-26878 affects Ruckus IoT Controller (Ruckus vRIoT) up to version 1.5.1.0.21. An authenticated user can submit a crafted request to the API at /service/v1/createUser, injecting commands that are executed with root privileges via web.py. Public sources document this as a remote command-inj...
CVE-2020-12124
A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...
Remote Command Injection Vulnerability in TP-LINK Archer AX50
TP-LINK is a leading global supplier of network communication equipment. A remote command injection vulnerability exists in the TP-LINK Archer AX50, which can be exploited by an attacker to gain server privileges...