CVE-2021-44880

D-Link devices DIR878 DIR878FW1.30B08Hotfix02 and DIR882 DIR882FW1.30B06Hotfix02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...

Command injection

Inim Electronics SmartLiving SmartLAN/G/SI =6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary ELF 32-bit LSB...

Command injection

Command Injection in Tenda G0 routers with firmware versions v15.11.0.69039CN and v15.11.0.55876CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.179502CN or v15.11.0.169024CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This...

Command injection

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

CVE-2021-27710

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

Command injection

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...

Exploit for Incorrect Calculation in Google Android

...

Access Control Error Vulnerability in Multiple ABB Products

ABB OPCServer for AC800M and others are products of ABB Switzerland.ABB OPCServer for AC800M is an OPC OLE for Process Control server for AC800M.Control Builder M Professional is a Compact Control Builder. MMSServer for AC800M is an MMS server for AC800M. An Access Control Error vulnerability...

Whatsapp 2.19.216 Remote Code Execution

Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinf...

CVE-2019-9117

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...

Command injection

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...

CVE-2019-9117

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...

CVE-2019-9118

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...

CVE-2019-7297

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system...

EulerOS Virtualization 2.5.1 : sudo (EulerOS-SA-2018-1380)

According to the version of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen, or...

LiquidVPN For macOS Operating System Command Injection Vulnerability

LiquidVPN For MacOS is a VPN software for anonymous access to the Internet based on the MacOS platform. An OS command injection vulnerability exists in LiquidVPN For MacOS 1.37 and 1.36 and earlier versions, which stems from the program's failure to filter parameters passed to the 'system'...

glibc 2.26 - getcwd() Local Privilege Escalation

glibc 2.26 - getcwd Local Privilege Escalation / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the...

Huawei Mate 9 DoS Vulnerability

Huawei Mate 9 is a smartphone from Chinese company Huawei Huawei. The Huawei Mate 9 is vulnerable to a DoS attack. An attacker can exploit the vulnerability to trick users into installing a malicious application, which can cause some system functions to become unavailable due to the system's...

Command injection

sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the 1 system or 2 popen function...