3860 matches found

Tenable Nessus
added 2020/08/05 12:0 a.m. · 42 views

IBM Spectrum Protect Plus hostname Command Injection

The IBM Spectrum Protect Plus (SPP) administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a 'set hostname' HTTP request. An unauthenticated, remote attacker can exploit this, via a...

CVSS 10 · AI score 8.7 · EPSS 0.71094
Exploits 0 · References 3
CNVD
added 2020/07/30 12:0 a.m. · 3 views

Cisco Data Center Network Manager Command Injection Vulnerability

Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system works with Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting. A security vulnerability exists in the REST API endpoint in Cisco DCNM versions...

CVSS 8.2 · AI score 7.1 · EPSS 0.0079
Exploits 0 · References 1
OSV
added 2020/07/28 3:15 p.m. · 5 views

CVE-2020-13917

rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n,...

CVSS 9.8 · AI score 5.8 · EPSS 0.02083
Exploits 0 · References 1
OSV
added 2020/07/28 3:15 p.m. · 2 views

CVE-2020-13919

emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610,...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2020/07/15 12:0 a.m. · 4 views

PT-2020-20395 · V Sol +1 · V-Sol Home Routers +2

Name of the Vulnerable Software and Affected Versions: Guangzhou 1GE ONU V2801RW versions 1.9.1-181203 through 2.9.0-181024 Guangzhou 1GE ONU V2804RGW versions 1.9.1-181203 through 2.9.0-181024 V-SOL Home Routers affected versions not specified Description: The issue allows remote attackers to...

CVSS 9 · AI score 8 · EPSS 0.46642
Exploits 4 · References 14
BDU FSTEC
added 2020/07/09 12:0 a.m. · 3 views

The vulnerability of the built-in software of NETGEAR routers such as NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBK842, NETGEAR RBR850, NETGEAR RBS850, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, and NETGEAR RBS750 exists due to the failure to address the issue of eliminating specific components. This vulnerability allows attackers to inject arbitrary commands.

The vulnerability of the embedded software of NETGEAR routers such as NETGEAR RBK852, NETGEAR RBK853, NETGEAR RBK842, NETGEAR RBR850, NETGEAR RBS850, NETGEAR RBR840, NETGEAR RBS840, NETGEAR RBK752, NETGEAR RBK753, NETGEAR RBK753S, NETGEAR RBR750, and NETGEAR RBS750 exists due to the lack of...

CVSS 7.7 · AI score 7.2 · EPSS 0.00742
Exploits 0 · References 4 · Affected Software 12
Packet Storm
added 2020/07/07 12:0 a.m. · 196 views

Sickbeard 0.1 Command Injection

Exploit Title: Sickbeard 0.1 - Remote Command Injection Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -- git :...

AI score 7.4
Exploits 0
CNVD
added 2020/06/28 12:0 a.m. · 2 views

Tenda PA6 Wi-Fi Powerline extender command injection vulnerability

Tenda PA6 Wi-Fi Powerline extender is a wireless network range extender from Tenda China. A security vulnerability exists in the Tenda PA6 Wi-Fi Powerline extender version 1.0.1.21. A remote attacker can exploit the vulnerability by sending specially crafted strings to execute injected arbitrary...

CVSS 9 · AI score 7.7 · EPSS 0.02942
Exploits 1 · References 1
NVD
added 2020/06/25 5:15 p.m. · 9 views

CVE-2018-21268

The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...

CVSS 10 · EPSS 0.04286
Exploits 2 · References 8
OSV
added 2020/06/25 5:15 p.m. · 12 views

CVE-2018-21268

The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 8
Cvelist
added 2020/06/25 4:56 p.m. · 12 views

CVE-2018-21268

The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...

CVSS 10 · AI score 9.8 · EPSS 0.04286
Exploits 2 · References 8
CVE
added 2020/06/25 4:56 p.m. · 75 views

CVE-2018-21268

CVE-2018-21268 concerns the node-traceroute package (v1.0.0 and earlier) for Node.js, where remote command injection is possible via the host parameter due to Child.exec() being used, allowing an OS command after a newline. Multiple sources (NVD, Red Hat, GitHub advisories, osv.dev) describe this...

CVSS 10 · AI score 9.7 · EPSS 0.04286
Exploits 2 · References 8 · Affected Software 1
Check Point Advisories
added 2020/06/08 12:0 a.m. · 10 views

QNAP QTS Remote Command Injection (CVE-2019-7193)

A remote command injection vulnerability exists in QNAP QTS. An authenticated attacker can exploit this vulnerability by injecting arbitrary PHP code into the session. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 10 · AI score 4.9 · EPSS 0.14367
Exploits 6
0day.today
added 2020/06/04 12:0 a.m. · 58 views

Cayin Digital Signage System xPost 2.5 - Remote Command Injection Exploit

Exploit for multiple platform in category web applications Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor:...

AI score 0.2
Exploits 0
0day.today
added 2020/06/04 12:0 a.m. · 83 views

Cayin Content Management Server 11.0 - Remote Command Injection (root) Vulnerability

Exploit for multiple platform in category web applications Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd...

AI score 7.1
Exploits 0
Packet Storm
added 2020/06/04 12:0 a.m. · 201 views

Cayin Signage Media Player 3.0 Root Remote Command Injection

!/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: SMP-8000QD v3.0 SMP-8000 v3.0 SMP-6000 v3.0 Build 19025 SMP-6000 v1.0 Build 14246 SMP-6000 v1.0 Build 14199 SMP-6000...

AI score 0.6
Exploits 0
Zero Science Lab
added 2020/06/04 12:0 a.m. · 85 views

Cayin Signage Media Player 3.0 Root Remote Command Injection

Summary CAYIN Technology provides Digital Signage solutions, including media players, servers, and software designed for the DOOH (Digital Out-of-home) networks. We develop industrial-grade digital signage appliances and tailored services so you don't have to do the hard work. Description CAYIN...

CVSS 8.8 · AI score 6.1 · EPSS 0.01277
Exploits 1
Exploit DB
added 2020/06/04 12:0 a.m. · 416 views

Cayin Content Management Server 11.0 - Remote Command Injection (root)

Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...

AI score 7.4
Exploits 0
Exploit DB
added 2020/06/04 12:0 a.m. · 417 views

Cayin Digital Signage System xPost 2.5 - Remote Command Injection

Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...

AI score 7
Exploits 0
Qualys Blog
added 2020/05/29 10:42 p.m. · 201 views

NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)

The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency (NSA) announced that Sandworm actors (Russian hacker group) have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...

CVSS 7.5 · AI score 0.9 · EPSS 0.99961
Exploits 27