3860 matches found
HP LinuxKI 6.01 - Remote Command Injection Exploit
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE: CVE-2020-7209 !/usr/bin/e...
HP LinuxKI 6.01 - Remote Command Injection
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Date: 2020-05-17 Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE:...
HP LinuxKI 6.01 Remote Command Injection
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Date: 2020-05-17 Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE:...
IBM Spectrum Protect Plus username Command Injection
The IBM Spectrum Protect Plus administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a login HTTP request. An unauthenticated, remote attacker can exploit this, via a specially...
D-Link DWL-2600 Authentication Remote Command Injection Vulnerability
The D-Link DWL-2600 is a wireless access point device. A security vulnerability exists in the D-Link DWL-2600. An attacker can exploit the vulnerability to inject arbitrary commands...
CVE-2020-10603
WebAccess/NMS versions prior to 3.0.2 do not properly sanitize user input and may allow an attacker to inject system commands remotely...
CVE-2020-10603
Advantech WebAccess/NMS prior to version 3.0.2 is vulnerable to CVE-2020-10603 (OS command injection) due to improper sanitization of user input, enabling remote command execution. ZDI notes exploitation via the ManualDBBackup endpoint filename parameter, potentially with authentication bypass; c...
DLINK DWL-2600 Authenticated Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLINK DWL-2600 Authenticated Remote Command Injection', 'Description' = %q Some DLINK Access Points are vulnerable to an authenticated OS command...
Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploite...
Draytek Vigor3900, Vigor2960 and Vigor300B Operating System Command Injection Vulnerability
DrayTek Vigor3900 and others are products of DrayTek Taiwan, China. DrayTek Vigor3900 is a broadband router/VPN gateway appliance. Vigor2960 is a load-balancing router and VPN gateway appliance. Vigor300B is a load-balancing router. A security vulnerability exists in the /cgi-bin/activate.cgi file i...
CVE-2020-10826
/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode...
EKAKIN Shihonkanri Plus GOOUT Operating System Command Injection Vulnerability
EKAKIN Shihonkanri Plus GOOUT is a CGI (Common Gateway Interface) from EKAKIN Japan. An operating system command injection vulnerability exists in EKAKIN Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10. A remote attacker could exploit this vulnerability to execute arbitrary operating system commands...
Keijiban Tsumiki Free CGI Operating System Command Injection Vulnerability
Keijiban Tsumiki Free CGI is a free CGI public gateway interface. An operating system command injection vulnerability exists in Keijiban Tsumiki v1.15. A remote attacker can exploit this vulnerability to execute arbitrary operating system commands...
UCM6202 1.0.18.13 - Remote Command Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
UCM6202 1.0.18.13 Remote Command Injection
Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...
UCM6202 1.0.18.13 - Remote Command Injection
UCM6202 1.0.18.13 - Remote Command Injection Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
UCM6202 1.0.18.13 - Remote Command Injection
Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...
rConfig 3.9.4 - (search.crud.php) Remote Command Injection Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version:...
rConfig 3.9.4 Remote Command Injection
Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...
rConfig 3.9.4 - search.crud.php Remote Command Injection
rConfig 3.9.4 - search.crud.php Remote Command Injection Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link:...