1225 matches found
CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-17621
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network...
CVE-2019-6685
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution...
Design/Logic Flaw
The processCommandUploadLog function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...
Design/Logic Flaw
The processCommandSetMac function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...
CVE-2018-11805
In Apache SpamAssassin, multiple CVEs (notably CVE-2018-11805 and CVE-2020-1930) describe a command-execution flaw in which crafted configuration files (.cf) can run system commands with same privileges as the spamd process. The root cause is untrusted or crafted rule/config files enabling local ...
Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09704)
Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...
FusionPBX Command exec.php Command Execution
This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...
CVE-2019-16663
CVE-2019-16663 affects rConfig 3.9.2. An attacker can directly execute system commands by issuing a GET to search.crud.php, where the category command parameter (catCommand) is passed to exec without proper filtering, enabling command execution. The description specifies remote code execution via...
CVE-2019-13652
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection issue 4 of 5...
Code injection
DISPUTED An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an...
CVE-2019-14423
CVE-2019-14423 affects the CUx-Daemon addon (version 1.11a) used by eQ-3 Homematic CCU-Firmware, impacting firmware 2.35.16 up to 2.45.6. The issue enables remote authenticated attackers to execute system commands as root over a simple HTTP request due to the described RCE vulnerability. Source d...
PHP 7.0 < 7.3 (Unix) - 'gc' disable_functions Bypass
= 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$i = 0; $i = 8; function leak$addr, $p = 0, $s = 8 global $abc, $helper; write$abc, 0x68, $addr + $p - 0x10; $leak = strlen$helper-a; if$s != 8 $leak %= 2 $s 8 - 1; return $leak; function parseelf$base $etype =...
CVE-2019-15029
CVE-2019-15029 affects FusionPBX 4.4.8. An attacker can execute arbitrary system commands by submitting a malicious command to the service_edit.php file (command stored in the database). Trigger relies on calling services.php via a GET request with the service id and a=start to execute the stored...
CVE-2019-1984
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software NFVIS could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system OS of an affected device. The vulnerability is due to improper input...
CVE-2019-1984
Cisco NFVIS contains an input validation error in the NFVIS file-system command that, when exploited by an authenticated administrator, can overwrite arbitrary files on the underlying OS. The vulnerability affects Cisco NFVIS versions prior to 3.12.1 (as reported by CNVD) and is addressed by soft...
CVE-2019-13294
AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...
Linux Mint 18.3-19.1 - yelp Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit from github repro: https://github.com/b1ack0wl/linuxmintpoc class MetasploitModule "Linux Mint 'yelp' URI handler command injection vulnerability", 'Description'...
CVE-2019-7670
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...
Extract add-on for Nextcloud OS Command Injection Vulnerability
Extract add-on for Nextcloud is a set of component applications for Netcloud. An input validation vulnerability exists in Extract add-on for Nextcloud lib/Controller/ExtractionController.php, which allows remote attackers to submit a special request that can be used to execute arbitrary OS comman...