3851 matches found
CVE-2018-1238
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...
PowerShell Downgrade Attack: Unicorn
Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage ...
Remote Command Injection Vulnerability in Riptide Networks NBR1300G-E & RG-EG2000CE-1T
Riptide Networks NBR1300G-E is a new generation gateway product. Riptide Networks RG-EG2000CE-1T is an SSL VPN device. A remote command injection vulnerability exists in Riptide Networks NBR1300G-E & RG-EG2000CE-1T. An attacker can send malicious code to realize remote command injection before...
Zoho ManageEngine Applications Manager Remote Code Execution Vulnerability (CNVD-2018-06478)
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services (e.g. servers, operating systems, etc.). A command injection vulnerability...
Multiple IoT Vendors – Multiple Vulnerabilities
Vulnerabilities summary: The following advisory describes three (3) vulnerabilities found in the following vendors: Lorex, StarVedia, Eminent, Kraun. The vulnerabilities found: hard-coded credentials, remote command injection (2). It is possible to chain the vulnerabilities and to achieve unauthenticated...
USN-3571-1 erlang vulnerabilities
It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. ...
RubyGems echor 'backplane.rb' remote command injection vulnerability
RubyGems echor is a Ruby-based Echo application developed by software developer Pedro Del Gallego. A remote command injection vulnerability exists in RubyGems echor, which stems from the program failing to adequately filter user-submitted input data. An attacker could use this vulnerability to...
Exploit for OS Command Injection in Atom Electron
CVE-2018-1000006-DEMO A demo version of CVE-2018-1000006...
CVE-2017-15637
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptpserver.lua file...
CVE-2017-15628
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpserver.lua file...
CVE-2017-15632
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptpserver.lua file...
CVE-2017-15630
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptpclient.lua file...
CVE-2017-15635
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the maxconn variable in the sessionlimits.lua file...
CVE-2017-15620
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmacimport.lua file...
CVE-2017-15615
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpclient.lua file...
CVE-2017-15616
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file...
Command injection
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interfacewan.lua file...
CVE-2017-15623
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptpserver.lua file...
TP-Link Remote Command Injection
Introduction: The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link. These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files. If the attacker obtains the account a...
CVE-2017-17105
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...