GHSA-68WV-RJRM-576P Cross-Site Request Forgery (CSRF) in Apache Airflow

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

Apache Airflow Cross-Site Request Forgery Vulnerability

Apache Airflow is the United States Apache Apache Software Foundation's set of open source platform for creating, managing and monitoring workflow. The platform has dynamic and scalable features. A cross-site request forgery vulnerability exists in Apache Airflow 1.8.2 and earlier versions. A...

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

Command injection

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

PYSEC-2019-148

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

PYSEC-2019-148

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

CVE-2017-17835

CVE-2017-17835 affects Apache Airflow 1.8.2 and earlier. The vulnerability is described as a CSRF flaw that allowed remote command injection on a default Airflow install. The connected documents corroborate the CSRF/vector and the potential for command execution, but do not provide exploitation d...

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

AudioCode 400HD Remote Command Injection

CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...

AudioCode 400HD Remote Command Injection Vulnerability

Exploit for cgi platform in category web applications CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services,...

Wifi-soft's Unibox Controllers Remote Command Injection Vulnerability (CNVD-2019-00771)

Wifi-soft's Unibox Controllers are fast-paced network controllers for all large and small venues. A remote code injection vulnerability exists in Wifi-soft's Unibox Controllers. An attacker can exploit the vulnerability to inject arbitrary code...

Wifi-soft's Unibox Controllers Remote Command Injection Vulnerability (CNVD-2019-00770)

Wifi-soft's Unibox Controllers are fast-paced network controllers for all large and small venues. A remote code injection vulnerability exists in Wifi-soft's Unibox Controllers. An attacker can exploit the vulnerability to inject arbitrary code...

FutureNet NXR-G240 Series ShellShock Command Injection Exploit

-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA for the great hel...

FutureNet NXR-G240 Series ShellShock Command Injection

-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Date: 2018-06-12 Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA...

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to an authenticated command injection via upgrade_handle.php, allowing OS command execution as root. Exploitation details and PoCs are present in multiple sources (PacketStorm, Exploit-DB; authenticated flow shown). The advisory recommends upgrading to ve...

CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...