OpenLiteSpeed and LSWS Enterprise vulnerable to OS command injection

Overview OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain the following vulnerability. OS command injection CWE-78 - CVE-2026-31386 Daisuke Nakayama of Mizuho Financial Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVE-2021-47903

LiteSpeed Web Server Enterprise version 5.4.11 has an authenticated command injection vulnerability in the external app configuration interface. A user with administrative privileges can inject shell commands via the Command parameter, enabling remote code execution through path traversal and bas...

CVE-2021-47903 LiteSpeed Web Server Enterprise 5.4.11 - Command Injection

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

CVE-2021-47903 LiteSpeed Web Server Enterprise 5.4.11 - Command Injection

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

CVE-2021-47903

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

LiteSpeed Web Server Enterprise security vulnerabilities

LiteSpeed Web Server Enterprise is a server software developed by LiteSpeed Corporation in the United States. Version 5.4.11 of LiteSpeed Web Server Enterprise contains a security vulnerability, which stems from command injection in the external application configuration interface. This...

EUVD-2012-4796

Malware in sbrugna...

EUVD-2005-3692

Malware in sbrugna...

EUVD-2022-15294

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...

CVE-2022-0073

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1...

CVE-2022-0073

Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1...

CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...

Design/Logic Flaw

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...

CVE-2022-0073

CVE-2022-0073 affects LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards. The vulnerability is an Improper Input Validation that enables Command Injection. Affected versions are OpenLiteSpeed Web Server 1.7.0.x up to 1.7.16.0 (and corresponding OpenLiteSpeed/LiteS...

LiteSpeed Web Server Enterprise Command Injection

A command injection vulnerability exists in LiteSpeed Web Server Enterprise. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

LiteSpeed Web Server Enterprise 5.4.11 Command Injection

Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...

LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)

Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...

LiteSpeed Web Server HTTP Header Injection Vulnerability

LiteSpeed Web Server is a software for the Mac operating system. LiteSpeed Web Server suffers from an HTTP header injection vulnerability that allows attackers to exploit the vulnerability for injection attacks...

LiteSpeed Web Server 5.1.0 HTTP Header Injection

Information -------------------- Advisory by Netsparker Name: HTTP Header Injection in LiteSpeed Web Server Affected Software : LiteSpeed Web Server Affected Versions: v5.1.0 and possibly below Vendor Homepage : https://www.litespeedtech.com/ Vulnerability Type : HTTP Header Injection Severity :...