The vulnerability of the application programming interface of the Trellix Enterprise Security Manager (ESM) system, which allows a perpetrator to execute arbitrary commands.

The vulnerability of the application programming interface of the Trellix Enterprise Security Manager ESM system for monitoring, analyzing, and managing security threats is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploitin...

The vulnerability of the list_base_config.php file in the web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 integrated software solution version 3.90 allows a hacker to execute arbitrary code.

The vulnerability of the listbaseconfig.php web interface of the Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 software is version 3.90. This vulnerability stems from the failure to eliminate special elements used in the OS command. Exploiting this vulnerability allows a remote attacker to...

PT-2024-2790 · Microsoft · Defender For Iot

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to the failure to neutralize special elements used in an operating system command. This can allow a remote attacker to execute arbitrary code...

The vulnerability of the setAction function (/itbox_pi/networksafe.php?a=set) in the Ruijie RG-EG series of router microprogramming software allows a attacker to execute arbitrary commands.

The vulnerability of the setAction function /itbox.pi.networksafe.php?a=set in the Ruijie RG-EG series of router microprogramming systems is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote...

The vulnerability of the FileDialog.aspx component in the mojoPortal content management system allows a hacker to execute XSS attacks.

The vulnerability of the FileDialog.aspx component in the mojoPortal content management system exists because measures to neutralize special elements used in the operating system command have not been implemented. Exploiting this vulnerability allows a remote attacker to perform XSS attacks...

The vulnerability of the ML lifecycle management platform arises from the lack of measures to neutralize special elements used in the operating system’s command set. This allows a perpetrator to execute arbitrary commands or trigger service failures.

The vulnerability of the MLflow model lifecycle management platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands or cause service failures...

The vulnerability of the microprogrammed software for Zyxel NAS326, NAS540, and NAS542 lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code.

The vulnerability of the microprogrammed software for Zyxel NAS326, NAS540, and NAS542 lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially...

The vulnerability of D-Link DIR-846 router’s microprogramming software arises from the lack of measures taken to neutralize special elements used in the operating system command. This allows a hacker to execute arbitrary code.

The vulnerability of D-Link DIR-846 router microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerabilities of the closed software environment of Cisco Evolved Programmable Network Manager, the Cisco Identity Services Engine, the Cisco Prime Infrastructure – systems for monitoring and managing network equipment – allow attackers to escalate their privileges.

The vulnerability of the closed-programming environment of Cisco Evolved Programmable Network Manager, the Cisco Identity Services Engine, and the Cisco Prime Infrastructure system for network monitoring and management exists due to the lack of measures taken to neutralize special elements used i...

The vulnerability of the application for blocking advertisements and Pi-hole internet trackers arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows a violator to execute arbitrary code.

The vulnerability of the Pi-hole ad blocking app exists because measures are not taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the command-line interface (CLI) implementation of Zyxel networking devices allows a perpetrator to execute arbitrary commands.

The vulnerability of CLI implementations for Zyxel network devices involves a lack of measures to neutralize special elements used in OS commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

PT-2022-7694 · Drawio +1 · Drawio +1

Name of the Vulnerable Software and Affected Versions: drawio versions prior to 20.3.0 Description: The issue is related to the incorrect neutralization of special elements used in an OS command, which can allow a remote attacker to execute arbitrary commands. Recommendations: For versions prior ...

The vulnerability of the `import_sdk_file()` function implementation in the microprogramming software for VPN routers of the Robustel R1510 allows a hacker to execute arbitrary commands.

The vulnerability of the importsdkfile function in the Microprogramming Software for VPN Routers of Robustel R1510 relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

The software of SIEM EventLog Analyzer is vulnerable because measures are not taken to neutralize special elements used in the operating system command. This vulnerability allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the SIEM EventLog Analyzer software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system remotely...

CVE-2021-21595

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell...

The vulnerability of the CLI command-line interface implementation of the kdbg tool in Fortinet FortiAP access points allows a hacker to execute arbitrary commands.

The vulnerability of the CLI command-line interface implementation of the Fortinet FortiAP access point software relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...

The vulnerability of the Xstream Java library for converting objects to XML or JSON format arises from the lack of measures taken to eliminate special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary code.

The vulnerability of the Java library for converting objects to XML or JSON format, Xstream, exists due to the lack of measures taken to eliminate special elements used in the operating system command. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...