Lucene search
K

178 matches found

OSV
OSV
added 2019/05/13 1:29 p.m.3 views

CVE-2018-14714

System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "loadscript" URL parameter...

9.8CVSS5.9AI score0.27411EPSS
Exploits3References1
CNVD
CNVD
added 2019/04/28 12:0 a.m.2 views

ASUS Zenfone V Live and Asus ZenFone 3 Max security vulnerabilities

The ASUS Zenfone V Live and the Asus ZenFone 3 Max are both Android-based smartphones from Asus Taiwan, China. The ASUS Zenfone V Live build fingerprint is asus/VZWASUSA009/ASUSA009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max build fingerprint is...

7.8CVSS7.5AI score0.00416EPSS
Exploits0References1
NVD
NVD
added 2019/03/25 7:29 p.m.25 views

CVE-2019-10040

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dirlogin.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication...

10CVSS9.7AI score0.02522EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/03/25 6:3 p.m.31 views

CVE-2019-10040

The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dirlogin.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication...

9.7AI score0.02522EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/25 12:0 a.m.2 views

Command Execution Vulnerability in Rice CMS

DAMI CMS aka 3gcms is a free open source, fast, simple PC station and cell phone station integration integrated system, dedicated to providing users with simple, fast PC station and smartphone station building solutions. Rice CMS command execution vulnerability. Attackers can exploit the...

7.8AI score
Exploits0
NVD
NVD
added 2018/04/04 6:29 p.m.19 views

CVE-2018-1469

IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...

10CVSS9.4AI score0.02788EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/30 12:0 a.m.4 views

Cross-Site Scripting Vulnerability in Foxmail Client

Foxmail is an e-mail client software. An XSS vulnerability exists in the Foxmail client. An attacker can exploit this vulnerability to execute system commands or local boosts, etc...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.54 views

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2017/12/27 12:0 a.m.44 views

Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE router which ...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2017/12/27 12:0 a.m.74 views

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without...

5.3CVSS6AI score0.00286EPSS
Exploits2
myhack58
myhack58
added 2017/03/15 12:0 a.m.27 views

The regular expression uses the improper triggering of the system command execution vulnerability-vulnerability warning-the black bar safety net

Sometimes, through a regular expression to the string of white list filter is not good。 This example demonstrates a regular expression in the string to the white list filter of time may lead to the OSCI(Operating System Command Injection)vulnerabilities. 0x01 text The test code is as follows:...

0.4AI score
Exploits0
CERT
CERT
added 2017/03/06 12:0 a.m.31 views

dotCMS contains multiple vulnerabilities

Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...

9.3CVSS8.4AI score0.06546EPSS
Exploits0References4
CNVD
CNVD
added 2017/02/14 12:0 a.m.8 views

Sophos Web Appliance Command Injection Vulnerability

Sophos Web Appliance is a web security gateway solution. An input validation vulnerability in the MgrReport.php file in the web management interface of the Sophos Web Appliance could be exploited by an attacker to submit a special request to inject a system command and execute it...

9CVSS7.1AI score0.19312EPSS
Exploits6References1
CNVD
CNVD
added 2016/10/08 12:0 a.m.6 views

Symantec Web Gateway System Command Injection Vulnerability

Symantec Web Gateway is a spam filter that combines anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec USA. A system command injection vulnerability exists in Symantec Web Gateway version 5.2.2. The code for the vulnerability is located in the...

9CVSS8AI score0.04605EPSS
Exploits4References1
seebug.org
seebug.org
added 2016/09/07 12:0 a.m.23 views

ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/08/12 12:0 a.m.33 views

Thomson Reuters FATCA Local File Inclusion

Title: Thomson Reuters FATCA - Local File Inclusion Author: Jakub Pałaczyński Date: 10. June 2015 CVE: CVE-2015-5952 Affected software: ================== All versions of Thomson Reuters FATCA below v5.2 Exploit was tested on: ====================== Thomson Reuters FATCA v5.1.0.30 Description:...

9.7AI score0.03424EPSS
Exploits2
CNVD
CNVD
added 2015/07/05 12:0 a.m.4 views

Tianrongxin NGFW4000 Command Execution Vulnerability

The TENAA NGFW4000 is a large enterprise-class firewall. A security vulnerability exists in Tianrongxin NGFW4000, which allows an attacker to exploit this vulnerability to execute system commands...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/05/20 12:0 a.m.42 views

JDWP 代码执行漏洞

JPDAJava Platform Debugger Architecture 是 Java 平台调试体系结构的缩写,通过 JPDA 提供的 API,开发人员可以方便灵活的搭建 Java 调试应用程序。JPDA 主要由三个部分组成:Java虚拟机工具接口(JVMTI),Java 调试线协议(JDWP),以及 Java 调试接口(JDI)。JDWP协议可以支持远程调试,当次接口未授权访问时,可以执行Java代码,造成代码执行,获取服务器权限。服务端监听80端口记录访问: 使用jdwp-shellifier,执行系统命令:python jdwp-shellifier.py -t...

7.1AI score
Exploits0
OSV
OSV
added 2014/11/24 3:59 p.m.9 views

CVE-2014-8417

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...

7.3AI score
Exploits0References1
0day.today
0day.today
added 2013/10/02 12:0 a.m.77 views

GLPI 0.84.1 - Multiple Vulnerabilities

GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities. Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification:...

6.8CVSS0.9AI score0.07855EPSS
Exploits11
Rows per page
Query Builder