rConfig 3.9.4 - 'search.crud.php' Remote Command Injection

Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...

CVE-2019-19940

Incorrect input sanitation in text-oriented user interfaces telnet, ssh in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection...

Drobo 5N2 4.1.1 Remote Command Injection

Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...

Drobo 5N2 4.1.1 - Remote Command Injection Exploit

Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...

Drobo 5N2 4.1.1 - Remote Command Injection

Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...

Drobo 5N2 4.1.1 - Remote Command Injection

Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...

D-Link DIR-825 and TRENDnet TEW-632BRP Command Injection Vulnerability (CNVD-2020-16100)

The D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit LAN/WAN router.The TRENDnet TEW-632BRP is a 300Mbps wireless home router. A command injection vulnerability exists in the D-Link DIR-825 and TRENDnet TEW-632BRP. A remote attacker can exploit this vulnerability to execute arbitrary commands...

CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...

CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability Authentication is not required for remote exploitation...

UBUNTU-CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability Authentication is not required for remote exploitation...

Command injection

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...

CVE-2013-7380

The Etherpad Lite ep_imageconvert Plugin for Etherpad Lite is affected by a Remote Command Injection vulnerability. Affected: ep_imageconvert

CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...

Cisco Webex Video Mesh Software CVE-2019-16005 Remote Command Injection Vulnerability

Description Cisco Webex Video Mesh Software is prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug ID...

D-Link DGS-1510 Command Injection Vulnerability

The D-Link DGS-1510 is a DGS-1510 series switch from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DGS-1510 using firmware versions 1.20.011, 1.30.007, and 1.31.B003 and earlier. A remote attacker can exploit the vulnerability to inject malicious scripts and execute...

DLINK DWL-2600 Authenticated Remote Command Injection

Some DLINK Access Points are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLIN...

Citrix SD-WAN Center trace_route Unauthenticated Remote Command Injection

The remote Citrix SD-WAN Center is affected by a remote command injection vulnerability due to improper sanitization of user-supplied input in the traceroute action of DiagnosticController. An unauthenticated, remote attacker can exploit this, via a specially crafted HTTP request, to execute...

Petwant PF-103 and Petalk AI OS Command Injection Vulnerabilities

Petwant PF-103 is an automated pet feeder from Petwant Pet Products China.Petalk AI is an automated pet feeder with monitoring function. An operating system command injection vulnerability exists in the 'processCommandUploadLog' function of the libcommon.so file in the Petwant PF-103 and Petalk A...

VulnCheck KEV: CVE-2019-18396

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OIFwV20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mntping.cgi. NOTE: This...

Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root

!/bin/bash Inim Electronics SmartLiving SmartLAN/G/SI =6.x Root Remote Command Execution Vendor: INIM Electronics s.r.l. Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Affected version: =6.x Affected...