CVE-2018-13023

The connected CNVD entry confirms a concrete vulnerability in Xiaomi Mi Router 3, affecting version 2.22.15, via the wifi_access endpoint. The root cause is a system command injection exploitable through the timeout URL parameter, enabling an attacker to execute arbitrary commands. CVSS info from...

CVE-2018-13316

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter...

CVE-2018-13023

System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...

CVE-2018-13314

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...

CVE-2018-14893

A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...

CVE-2018-14893

A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API...

CVE-2018-16130

System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...

Command injection

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...

Command injection

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

CVE-2018-13314

System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...

CVE-2018-16130

System command injection in requestmitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter...

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...

CVE-2018-13320

System Command Injection in network.setauthsettings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...

CVE-2018-13311

System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter...

CVE-2018-13311

CVE-2018-13311 affects TOTOLINK A3002RU (firmware v1.0.8) in the formDlna component. An attacker can inject system commands via the sambaUser POST parameter, enabling remote code execution. Public references from NVD/CNVD describe a system command injection vulnerability with high severities (CVS...

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...

Webiness Inventory 2.9 Shell Upload

Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Date: 10/27/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName = $file'name'; 48 $fileTmp =...