178 matches found
CVE-2018-14714
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "loadscript" URL parameter...
ASUS Zenfone V Live and Asus ZenFone 3 Max security vulnerabilities
The ASUS Zenfone V Live and the Asus ZenFone 3 Max are both Android-based smartphones from Asus Taiwan, China. The ASUS Zenfone V Live build fingerprint is asus/VZWASUSA009/ASUSA009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max build fingerprint is...
CVE-2019-10040
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dirlogin.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication...
CVE-2019-10040
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dirlogin.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication...
Command Execution Vulnerability in Rice CMS
DAMI CMS aka 3gcms is a free open source, fast, simple PC station and cell phone station integration integrated system, dedicated to providing users with simple, fast PC station and smartphone station building solutions. Rice CMS command execution vulnerability. Attackers can exploit the...
CVE-2018-1469
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...
Cross-Site Scripting Vulnerability in Foxmail Client
Foxmail is an e-mail client software. An XSS vulnerability exists in the Foxmail client. An attacker can exploit this vulnerability to execute system commands or local boosts, etc...
Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...
Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery
Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE router which ...
Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...
The regular expression uses the improper triggering of the system command execution vulnerability-vulnerability warning-the black bar safety net
Sometimes, through a regular expression to the string of white list filter is not good。 This example demonstrates a regular expression in the string to the white list filter of time may lead to the OSCI(Operating System Command Injection)vulnerabilities. 0x01 text The test code is as follows:...
dotCMS contains multiple vulnerabilities
Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance is a web security gateway solution. An input validation vulnerability in the MgrReport.php file in the web management interface of the Sophos Web Appliance could be exploited by an attacker to submit a special request to inject a system command and execute it...
Symantec Web Gateway System Command Injection Vulnerability
Symantec Web Gateway is a spam filter that combines anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec USA. A system command injection vulnerability exists in Symantec Web Gateway version 5.2.2. The code for the vulnerability is located in the...
ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution
No description provided by source...
Thomson Reuters FATCA Local File Inclusion
Title: Thomson Reuters FATCA - Local File Inclusion Author: Jakub Pałaczyński Date: 10. June 2015 CVE: CVE-2015-5952 Affected software: ================== All versions of Thomson Reuters FATCA below v5.2 Exploit was tested on: ====================== Thomson Reuters FATCA v5.1.0.30 Description:...
Tianrongxin NGFW4000 Command Execution Vulnerability
The TENAA NGFW4000 is a large enterprise-class firewall. A security vulnerability exists in Tianrongxin NGFW4000, which allows an attacker to exploit this vulnerability to execute system commands...
JDWP 代码执行漏洞
JPDAJava Platform Debugger Architecture 是 Java 平台调试体系结构的缩写,通过 JPDA 提供的 API,开发人员可以方便灵活的搭建 Java 调试应用程序。JPDA 主要由三个部分组成:Java虚拟机工具接口(JVMTI),Java 调试线协议(JDWP),以及 Java 调试接口(JDI)。JDWP协议可以支持远程调试,当次接口未授权访问时,可以执行Java代码,造成代码执行,获取服务器权限。服务端监听80端口记录访问: 使用jdwp-shellifier,执行系统命令:python jdwp-shellifier.py -t...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
GLPI 0.84.1 - Multiple Vulnerabilities
GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities. Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification:...