Typora v1.7.4 is vulnerable to OS command injection. By manipulating the 'run command' feature in the PDF export settings, an attacker can inject and execute arbitrary commands, leading to unauthorized access or further exploitation of the system. This vulnerability was discovered by Ahmet Ümit BAYRAM on 13.09.2023.
7 Sticky Notes v1.9 allows OS command injection via the 'Alarms' feature. By setting an alarm with a malicious command in the 'Action' field, an attacker can execute arbitrary commands on the underlying operating system.
Typora v1.7.4 is vulnerable to OS command injection. An attacker can exploit this vulnerability by entering a malicious command into the 'run command' box under Preferences > Export tab > PDF, leading to remote code execution.
7 Sticky Notes v1.9 is vulnerable to OS command injection. By manipulating the 'Action' field in the 'Alarms' tab, an attacker can execute arbitrary commands on the system. An attacker can set a malicious command as an alarm action, leading to the execution of the command when the alarm triggers.
Multiple vulnerabilities have been found in D-Link IP cameras that could allow an unauthenticated remote attacker to execute arbitrary commands, access the video stream via HTTP and RTSP, and bypass RTSP authentication using hard-coded credentials.
Various D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. This module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.
Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the CMD target. Additionally, two targets are included, to start a telnetd service and establish a session over it, or deploy a native mipsel payload. This module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.
This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this account had broad sudo permissions, including to run the script /usr/local/bin/chrootpasswd (which changes the password for the Linux root account on the system to the value specified by console input once it is executed). The password for the proxy user account specified will *not* be changed by the use of this module, as long as the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) require HTTP basic auth credentials as well to exploit this vulnerability. Use the USERNAME and PASSWORD advanced options to specify these values if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears to never be executed due to a bug in the vulnerable CGI script which also prevents normal use (http://jira.endian.com/browse/UTM-1002). Versions 2.3.x and 2.4.0 are not vulnerable because of a similar bug (http://bugs.endian.com/print_bug_page.php?bug_id=3083). Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.2, 2.5.1, 2.5.2. Should function against any version from 1.1 RC5 to
This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but on versions of EFW I tested, this account had broad sudo permissions, including to run the script /usr/local/bin/chrootpasswd as root. This script changes the password for the Linux root account on the system to the value specified by console input once it is executed. The password for the proxy user account specified will *not* be changed by the use of this module, as long as the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) require HTTP basic auth credentials as well to exploit this vulnerability. Use the standard USERNAME and PASSWORD advanced options to specify these values if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears to never be executed due to a bug in the vulnerable CGI script which also prevents normal use. Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.5.1, 2.5.2. Used Apache mod_cgi Bash Environment Variable Code Injection and Novell ZENworks Configuration Management Remote Execution modules as templates.
Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested successfully on a Trendnet TEW-731BR router with emulation.
Services By CQR