3849 matches found
CVE-2017-9757
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. Recent assessments: h00die at March 25, 2020 12:10am UTC reported: Authentication is required,...
Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities
According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.1. It is, therefore, affected by multiple vulnerabilities: - A remote command injection vulnerability exists in the web administration interface in the...
Remote Command Injection Vulnerability at Foscam camera Add User
FOSCAM Group is a national high-tech enterprise specializing in the design, research and development, manufacturing and sales of network cameras, network video recorders and other products. Remote command injection vulnerability exists in the usrName parameter of the CGIProxy.fcgi addAccount...
Foscam camera remote command injection vulnerability
Foscam camera is a webcam that pushes messages to your phone and also enables video Baidu cloud storage directly through WIFI. Foscam camera has a remote command injection vulnerability in the modelName in the /mnt/mtd/app/config/ProductConfig.xml file. By installing the ProductConfig.xml file in...
Sierra Wireless GX440 Command Injection Vulnerability
The Sierra Wireless GX440 is a gateway device from Sierra Wireless Canada. The Sierra Wireless GX440 suffers from a command injection vulnerability that can be exploited by a remote attacker to submit a special request and execute arbitrary commands...
NETGEAR Multiple Model PHP Remote Command Injection
The remote NETGEAR device is affected by a remote command injection vulnerability in multiple PHP scripts due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device. Note that...
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands...
CVE-2017-8051
CVE-2017-8051 affects Tenable Appliance 3.5–4.4.0 (and possibly earlier) via the simpleupload.py Web UI. The flaw allows arbitrary command execution by manipulating the tns_appliance_session_user parameter, enabling unauthenticated, remote code execution as described in multiple sources (e.g., Re...
Western Digital My Cloud Products Authentication Bypass and Multiple Remote Command Injection Vulnerabilities
Western Digital My Cloud Products are prone to an authentication bypass and multiple remote command injection vulnerabilities.
Textract Operating System Command Injection Vulnerability
textract is a Python library for extracting text content from various documents. An operating system command injection vulnerability exists in textract. A remote attacker can use this vulnerability to inject operating system commands by calling the process function from a filename...
Sophos Web Appliance < 4.3.1.2 Multiple Vulnerabilities
According to its self-reported build number, the Sophos Web Appliance running on the remote host is prior to 4.3.1.2. It is, therefore, affected by the following vulnerabilities: - A remote command injection vulnerability exists due to a failure in certain functions to properly sanitize input upon...
QNAP QTS Remote Command Injection
QNAP QTS multiple RCE vulnerabilities. The latest version of this advisory is available at: https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt Overview: QNAP QTS firmware contains multiple Command Injection (CWE-77) vulnerabilities...
Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-05238)
Sophos Web Appliance (SWA) is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in Sophos Web Appliance (SWA) versions prior to...
Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-05239)
Sophos Web Appliance (SWA) is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in Sophos Web Appliance (SWA) versions prior to...
CVE-2016-8779
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database...
Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-04889)
Sophos Web Appliance (SWA) is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in the interface for report generation in Sophos...
CVE-2017-6184
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303...
Command injection
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304...
CVE-2017-6182
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304...
CVE-2017-6183
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding and detecting Active Directory servers was vulnerable to remote command injection, aka NSWA-1314...