
439 matches found

Cvelist
added 2024/03/21 11:45 a.m. · 19 views

CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality...

CVSS 6.4 · AI score 7.1 · EPSS 0.00022
Exploits: 0 · References: 1

CNVD
added 2024/02/22 12:0 a.m. · 5 views

Dell Unity SQL Injection Vulnerability

Dell Unity is a set of virtual Unity storage environments from Dell USA. A SQL injection vulnerability exists in Dell Unity prior to version 5.4, which stems from the inclusion of an operating system command injection vulnerability in its svccava utility. An attacker could exploit this...

CVSS 6.5 · AI score 8 · EPSS 0.00207
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/12 12:0 a.m. · 2 views

PT-2024-3897 · Sap · Sap Ides Ecc-Systems

Name of the Vulnerable Software and Affected Versions: SAP IDES ECC-systems affected versions not specified Description: The issue allows the execution of arbitrary program code of a user's choice, potentially enabling an attacker to control the system's behavior by executing malicious code. This...

CVSS 7.4 · AI score 7.5 · EPSS 0.00306
Exploits: 0 · References: 9

Positive Technologies
added 2024/02/12 12:0 a.m. · 2 views

PT-2024-2833

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.5.2645 build 20240116; QuTS hero versions prior to h5.1.5.2647 build 20240118; QuTScloud versions prior to c5.1.5.2651. Description: An OS command injection vulnerability exists in QNAP operating system versions due to th...

CVSS 8.3 · AI score 7.4 · EPSS 0.93153
Exploits: 4 · References: 32

CNNVD
added 2024/02/08 12:0 a.m. · 3 views

Akaunting Operating System Command Injection Vulnerability

Akaunting is an application from Akaunting that provides all the tools needed to manage money online. An operating system command injection vulnerability exists in Akaunting v3.1.3 and prior versions, which stems from the presence of an operating system command injection that could allow an...

CVSS 9.8 · AI score 7.6 · EPSS 0.38195
Exploits: 3 · References: 6

CNVD
added 2024/01/11 12:0 a.m. · 7 views

GTKWave OS Command Injection Vulnerability (CNVD-2024-39666)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. GTKWave version 3.3.115 suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...

CVSS 7.8 · AI score 7.8 · EPSS 0.00123
Exploits: 1 · References: 1

OSV
added 2023/12/12 9:15 a.m. · 0 views

CVE-2023-49695

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product...

CVSS 6.8 · AI score 6 · EPSS 0.00173
Exploits: 0 · References: 2

Prion
added 2023/11/30 2:15 a.m. · 17 views

Input validation

The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...

CVSS 6.5 · AI score 7.5 · EPSS 0.02145
Exploits: 0 · References: 2 · Affected Software: 2

Japan Vulnerability Notes
added 2023/11/17 5:22 a.m. · 2 views

Multiple vulnerabilities in CubeCart

Overview: CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery (CWE-352) - CVE-2023-38130; Directory traversal (CWE-22) - CVE-2023-42428; Directory traversal (CWE-22) - CVE-2023-47283; OS command injection (CWE-78) - CVE-2023-47675. Gen Sato of Mitsu...

CVSS 9.1 · AI score 7.9 · EPSS 0.01725
Exploits: 0 · References: 13

Positive Technologies
added 2023/10/22 12:0 a.m. · 3 views

PT-2023-29948 · Netmodule · Netmodule Router

Name of the Vulnerable Software and Affected Versions: NetModule Router Software versions 4.6 through 4.6.0.105 NetModule Router Software versions 4.8 through 4.8.0.100 Description: The web administration interface in NetModule Router Software executes an OS command, potentially leading to remote...

CVSS 8.4 · AI score 7.8 · EPSS 0.00147
Exploits: 0 · References: 8

Cvelist
added 2023/10/10 2:25 p.m. · 19 views

CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

CVSS 9.8 · AI score 10 · EPSS 0.14849
Exploits: 1 · References: 3

CNNVD
added 2023/10/10 12:0 a.m. · 2 views

Fortinet FortiManager and FortiAnalyzer and FortiADC Operating System Command Injection Vulnerability

Fortinet FortiManager and others are products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiADC is an application delivery controller. Fortinet FortiADC is an...

CVSS 7.8 · AI score 7.9 · EPSS 0.00228
Exploits: 0 · References: 3

CNNVD
added 2023/10/10 12:0 a.m. · 1 views

Fortinet FortiWLM Operating System Command Injection Vulnerability

Fortinet FortiWLM is a wireless manager from Fortinet. A security vulnerability exists in Fortinet FortiWLM that stems from the presence of an operating system command injection vulnerability. The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted http...

CVSS 9.8 · AI score 7.9 · EPSS 0.01619
Exploits: 0 · References: 2

The Hacker News
added 2023/10/09 10:49 a.m. · 50 views

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully...

CVSS 9.8 · AI score 9.2 · EPSS 0.0038
Exploits: 0

Vulnrichment
added 2023/09/19 12:47 p.m. · 17 views

CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...

CVSS 9.3 · AI score 7.5 · EPSS 0.00408
Exploits: 0 · References: 1

NVD
added 2023/07/11 3:15 a.m. · 12 views

CVE-2023-36922

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 9.1 · AI score 9.2 · EPSS 0.00217
Exploits: 0 · References: 2

Prion
added 2023/07/11 3:15 a.m. · 20 views

Design/Logic Flaw

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 6.5 · AI score 8.5 · EPSS 0.00217
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/07/11 2:56 a.m. · 130 views

CVE-2023-36922

The CVE-2023-36922 entry concerns SAP ECC/SAP S/4HANA IS-OIL with a programming error in the function module and report that permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...

CVSS 9.1 · AI score 8.7 · EPSS 0.00217
Exploits: 0 · References: 2 · Affected Software: 1

Github Security Blog
added 2023/07/06 7:24 p.m. · 15 views

Apache Kylin vulnerable to remote code execution

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 9.8 · AI score 7.4 · EPSS 0.13594
Exploits: 0 · References: 5 · Affected Software: 3

Positive Technologies
added 2023/06/12 12:0 a.m. · 3 views

PT-2023-3349 · Fortinet · Fortiadc

Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.0 through 7.1.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow a local and authenticated attacker to execute unauthorized commands via specificall...

CVSS 7.8 · AI score 7.6 · EPSS 0.00095
Exploits: 0 · References: 4