152 matches found
EUVD-2023-28526
Malicious code in bioql PyPI...
Analyzing the Mirai IoT Botnet and Its Recent Variants: Satori, Mukashi, Moobot, and Sonic
Mirai is undoubtedly one of the most significant Internet of Things IoT botnet attacks in history. In terms of its detrimental effects, seamless spread, and low detection rate, it surpassed its predecessors. Its developers released the source code, which triggered the development of several...
Salt's on demand pillar functionality vulnerable to arbitrary command injections
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...
CVE-2023-1097
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party...
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...
CVE-2023-24508
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...
CVE-2020-9021
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter...
CVE-2020-14075
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoeconnect, rupppoeconnect, or dhcpconnect with the key wanifname or wan0dns, allowing an authenticated user to run arbitrary commands on the device...
CVE-2019-7256
Linear eMerge E3-Series devices allow Command Injections...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : emacs (SUSE-SU-2025:0599-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0599-1 advisory. - CVE-2025-1244: improper handling of custom 'man' URI schemes allow for shell command injections...
SUSE SLES15 Security Update : emacs (SUSE-SU-2025:0589-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0589-1 advisory. - CVE-2025-1244: improper handling of custom 'man' URI schemes allow for shell command injections. bsc1237091 Tenable has extracted the...
WAVLINK AC3000 命令注入漏洞
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the inclusion of multiple operating system command injections...
CVE-2024-55544
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below...
CVE-2024-37023
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters...
CVE-2024-28750 ifm: Deleting function in Smart PLC allows command injections
A remote attacker with high privileges may use a deleting file function to inject OS commands...
CVE-2024-28749 ifm: Writing file function in Smart PLC allows command injections
A remote attacker with high privileges may use a writing file function to inject OS commands...
CVE-2024-28748 ifm: Reading function in Smart PLC allows command injections
A remote attacker with high privileges may use a reading file function to inject OS commands...
CVE-2024-28748 ifm: Reading function in Smart PLC allows command injections
A remote attacker with high privileges may use a reading file function to inject OS commands...
Composer has multiple command injections via malicious git/hg branch names
Impact The composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. So this requires cloning untrusted repositories. Patches 2.2.24 for 2.2 LTS or 2.7.7 for mainline Workarounds Avoid cloning potentially compromised...
Composer -- Multiple command injections via malicious git/hg branch names
Composer project reports: The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. The composer install command running inside a git/hg repository which has specially crafted bran...