The Netman 204 device is vulnerable to unauthorized access and command injection. Attackers can exploit this vulnerability to execute remote commands without authentication. By using specific URLs, attackers can access different panels with default or backdoor credentials, allowing them to view critical information and perform actions without proper authorization.
The MagnusSolution magnusbilling 7.3.0 software is vulnerable to command injection. An attacker can exploit this vulnerability by injecting malicious commands through a specific URL, potentially leading to unauthorized command execution.
Due to improper handling of user-controlled configuration file parameters, an authenticated attacker can inject and run OS commands on the Ewon Cosy+ VPN gateway.
reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.
The TELSAT marKoni FM transmitters are vulnerable to unauthenticated remote code execution with root privileges. By manipulating the Email settings' WAN IP info service, which uses the 'wget' module, an attacker can exploit a command injection flaw. This allows unauthorized access with administrative privileges through the 'url' parameter in the HTTP GET request to ekafcgi.fcgi.
A command injection vulnerability exists in KiTTY version 0.76.1.13 and below. By exploiting this vulnerability, a remote attacker could execute arbitrary commands on the target system. This vulnerability has been assigned CVE-2024-23749.
SolarView Compact 6.00 allows remote attackers to execute arbitrary commands via a crafted HTTP request to the /downloader.php file. This vulnerability has been assigned CVE-2023-23333.
The Atcom 2.7.x.x web interface is vulnerable to command injection. An authenticated attacker can execute arbitrary commands by sending a specially crafted request to the web_cgi_main.cgi script.
The 'op', 'bop', 'ext', and 'eop' arguments are not properly sanitized before being used to include files from local resources, allowing arbitrary file inclusion. The 'ext' argument can be used to inject PHP code into the 'cache/ext/statman/log.gtdat' file and execute commands. Additionally, the 'list.gtdat' file in the 'cache/users' folder exposes the MD5 password hashes of all admins and users. This can be exploited by crafting a specific value for the 'upass' parameter.
This is a Perl script that exploits a command validation vulnerability in the Baby Web Server. It allows an attacker to execute arbitrary commands on the server. The script takes three arguments: the target IP address, the input file containing the command to execute, and the path of the file on the server.