315 matches found
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by bypassing configured restrictions. This may result in exposure or...
Arbitrary Command Injection
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Arbitrary Command Injection via the erroneous implementation of the allowlist process. An attacker can gain unauthorized access to execute arbitrary shell commands by...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Execute commands feature, which allows shell commands to be executed without restriction to the assigned scope. An attacker can gain unauthorized read and write access to all files managed by the serv...
Arbitrary Command Injection
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the Command Execution process. An attacker can execute arbitrary commands with the privileges of the server process by leveraging allowed shell commands that can spawn additional commands. This is only...
CVE-2025-5826 Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability
Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...
CVE-2025-4010 Arbitrary Command Injection in Netcom NTC-6200 & NWL-222
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with...
PT-2025-23474 · Diviotec · Diviotec Professional Series
Name of the Vulnerable Software and Affected Versions: The Diviotec professional series affected versions not specified Description: The issue concerns the exposure of a web interface in the Diviotec professional series, where one endpoint is vulnerable to arbitrary command injection. Additionall...
CVE-2024-41585
DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject arbitrary commands into the host machine...
CVE-2022-0764
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...
CVE-2019-18780
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Fl...
CVE-2019-19875
An issue was discovered in B Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected using Python scripts via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364...
CVE-2019-10788
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the processFile function in the wxapkg File Parser component. An attacker can execute arbitrary system commands by providing crafted input to this function. Remediation There is no fixed version for...
Arbitrary Command Injection
Craft CMS is vulnerable to Arbitrary Command Injection. The vulnerability is due to unauthenticated user-supplied data being stored in session files without validation, potentially allowing PHP code injection into a predictable server file path...