Legacy Server BMC Remote Command Injection
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users...
Command injection
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...
CVE-2014-10075
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...
CVE-2014-10075
CVE-2014-10075 affects the Ruby karo gem (v2.3.8) and enables Remote command injection via the host field. The flaw resides in db.rb where metacharacters are mishandled, allowing an attacker to execute arbitrary commands (examples show building and executing a shell command with unsanitized input...
WordPress Plainview Activity Monitor Plugin OS Command Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on a PHP and MySQL server. The Plainview Activity Monitor plugin is a plugin for monitoring website user activity. An operating syst...
Cisco SD-WAN Solution Remote Command Injection Vulnerability (CNVD-2018-14074)
Cisco vBond Orchestrator Software and the other products named here are from Cisco. Cisco vBond Orchestrator Software is security network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a network extension solution running in it. A comma...
PT-2018-2662 · Linksys · Linksys E2500 +1
Name of the Vulnerable Software and Affected Versions: Linksys E1200 versions 2.0.09; Linksys E2500 versions 3.0.04. Description: The issue exists due to improper filtering of data passed to and retrieved from NVRAM, allowing for OS command injection. This can be exploited by a remote attacker to...
CVE-2018-7785
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass...
Command injection
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass...
CVE-2018-7785
CVE-2018-7785 affects Schneider Electric’s U.motion Builder software prior to version 1.3.4. The vulnerability is a remotely exploitable command injection that leads to authentication bypass, with high/critical impact reported (network access, no authentication, full or partial compromise of conf...
Nikto 2.1.6 - CSV Injection
Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...
Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to an authentication bypass leading to remote command injection. (CVE-2018-1418)
Summary An authentication bypass leading to remote command injection has been found in IBM QRadar Incident Forensics. Vulnerability Details CVEID: CVE-2018-1418 DESCRIPTION: IBM QRadar Incident Forensics could allow a user to bypass authentication which could lead to code execution. CVSS Base...
QNAP QTS Remote Command Injection (CVE-2013-0143)
Remote command injection vulnerabilities exist in QNAP QTS. A remote attacker can exploit these weaknesses to execute arbitrary commands in the affected devices via a crafted request...
Fedora 27 : mysql-mmm (2018-e31f52c5ee)
Multi-Master Replication Manager for MySQL mmmagentd Remote Command Injection Vulnerabilities This update adds data sanitization to inputs for the mmm agent. Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon...
Fedora 26 : mysql-mmm (2018-92f04c6b61)
Multi-Master Replication Manager for MySQL mmmagentd Remote Command Injection Vulnerabilities This update adds data sanitization to inputs for the mmm agent. Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon...
D-Link DSL-2750B OS Command Injection
This module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03. This module requires Metasploit:...
CVE-2018-10992
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...
Git Remote Command Injection Vulnerability
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. A command vulnerability exists in Git versions prior to 2.7.5. A remote attacker can run an arbitrary device with the help of a specially crafted 'ssh://...' URL t...