24 matches found
CVE-2026-25792
Greenshot
CVE-2026-22035 Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin
Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format to insert user-controlled filenames directly into she...
nnn Resource Management Error Vulnerability
nnn is a terminal file manager by Arun Prakash Jana Personal Developer. A resource management error vulnerability exists in nnn 5.1 and earlier versions, which stems from a misbehavior of the function showcontentinfloatingwindow/runcmdasplugin in the file nnn/src/nnn.c, which could lead to a doub...
EUVD-2024-0404
Malicious code in bioql PyPI...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
CVE-2019-0330
The OS Command Plugin in the transaction GPAADMIN and the OSCommand Console of SAP Diagnostic Agent LM-Service, version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
Arbitrary file read vulnerability in Jenkins Log Command Plugin
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
Double free
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
CVE-2024-23904
Jenkins Log Command Plugin version 1.0.2 and earlier is vulnerable. The issue stems from a command parser feature that replaces an '@' character followed by a file path in an argument with the file’s contents, enabling unauthenticated attackers to read arbitrary files on the Jenkins controller fi...
CVE-2024-23904
Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file syst...
PT-2024-2758 · Jenkins +1 · Jenkins Log Command Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Log Command Plugin versions 1.0.2 and earlier Description: The issue is related to the command parser feature in the Jenkins Log Command Plugin, which replaces an '@' character followed by a file path in an argument with the file's...
Design/Logic Flaw
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...
CVE-2020-22000
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...
CVE-2020-22000
CVE-2020-22000 affects HomeAutomation 3.3.2. An authenticated OS command execution vulnerability exists in the customcommand v0.1 plugin, exploitable via CSRF to run arbitrary shell commands as the web user through unsanitized PHP exec() calls in /system/systemplugins/customcommand/customcommand....
Subreddit Home Automation OS Command Injection Vulnerability
Subreddit Home Automation is an automation device for the Subreddit community. An automated electric light. A security vulnerability exists in Subreddit Home Automation 3.3.2, which stems from authenticated OS command execution in the custom command v0.1 plugin...
HomeAutomation 3.3.2 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Remote Code Execution Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...
CVE-2019-0330
The OS Command Plugin in the transaction GPAADMIN and the OSCommand Console of SAP Diagnostic Agent LM-Service, version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...