27 matches found
CVE-2016-11021
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter...
CVE-2012-3490
The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 do not properly check the return value of setuid calls, which might cause a subprocess to be created...
D-Link DIR-816 A2 Router System Command Execution Vulnerability
The D-Link DIR-816 A2 is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DIR-816 A2 version 1.11, which stems from the program only checking for random tokens when authorizing a goform request. The vulnerability can be exploited to execute system...
Authentication flaw
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication...
CVE-2017-12577
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...
CVE-2017-12577
CVE-2017-12577 affects PLANEX CS-QR20 (version 1.30). The Android app ships a hardcoded credential (admin:password) that can be used to access a hidden API URL /goform/SystemCommand, enabling an attacker to execute arbitrary commands with root privileges. This is tied to the Web UI component and ...
PT-2016-3444 · D Link · Dcs-930L
Name of the Vulnerable Software and Affected Versions: D-Link DCS-930L devices version 2.12 and earlier Description: The issue allows a remote attacker to execute code via an OS command in the SystemCommand parameter. This is due to the lack of measures to neutralize special elements used in the ...