Command injection
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to...
CVE-2019-7385
CVE-2019-7385 affects Raisecom ISCOM HT803G-U/HT803G-W/HT803G-1GE/HT803G GPON devices with firmware versions
CVE-2019-7385
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a syst...
CVE-2019-7384
CVE-2019-7384 affects Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON ONTs with firmware
CVE-2019-7384
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below. The value of the fmgponloid parameter is used in a system call inside the boa binar...
CVE-2019-7383
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to...
CVE-2019-7383
CVE-2019-7383 affects Systrome Cumilon ISG-600C, ISG-600H and ISG-800W with firmware V1.1-R2.1_TRUNK-20181105.bin. The issue is a shell command injection in network/isp/isp_update_edit.php caused by improper validation of the des parameter, enabling arbitrary commands when the ISP file descriptio...
SYSTORME ISG Command Injection
Authenticated Shell Command Injection. Overview: Title: Authenticated Shell command Injection; Author: Kaustubh G. Padwad; CVE ID: CVE-2019-7383; Vendor: Systrome Networks...
Virtuozzo 6 : emacs-git / emacs-git-el / git / git-all / git-cvs / etc (VZLSA-2017-2485)
An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May,...
CVE-2018-10823
CVE-2018-10823 affects several D-Link router models (DWR-116 up to 1.06, DWR-512 up to 2.02, DWR-712 up to 2.02, DWR-912 up to 2.02, DWR-921 up to 2.02, DWR-111 up to 1.01). An authenticated attacker can inject shell commands via the chkisg.htm Sip parameter, leading to arbitrary code execution a...
Shell Command Injection
egg-scripts is vulnerable to shell command injection attacks. The attack exists because the library uses the execFile function which is not properly sanitized, allowing the attacker to inject malicious shell commands through command line argument...
CVE-2018-10660
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...
CVE-2018-10660
CVE-2018-10660 affects Axis Network Cameras. The connected sources confirm a shell command injection vulnerability in multiple Axis IP Camera models, enabling unauthenticated remote command execution through the .srv-to-parhand flow in the device’s UI/API, potentially giving root/system-level acc...
Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”
A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Ax...
Security Bulletin: IBM QRadar SIEM is vulnerable to shell command injection vulnerability in the admin panel. (CVE-2015-4930, CVE-2015-2016)
Summary IBM QRadar SIEM is vulnerable to a shell command injection in the admin panel if logged in as an admin user. Vulnerability Details CVE-ID: CVE-2015-4930 Description: IBM QRadar could allow a user authenticated with admin access, to execute commands on the server as root. CVSS Base Score:8...
Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)
Summary A Shell Command Injection vulnerability has been discovered in IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-6183 Description: IBM Security Network Protection could allow a remote attacker to execute arbitrary commands on the system. An authenticated attacker cou...
MMM mmm_agentd shell command injection vulnerability (CNVD-2018-15654)
MySQL Multi-Master Replication Manager MMM is a set of flexible scripts that performs monitoring/failover and management of MySQL master-master replication configurations. mmm_agentd is an agent daemon that runs on each MySQL server and provides a simple set of remote services to the monitoring...