DRK Odenwaldkreis Testerfassung 操作系统命令注入漏洞

DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and documenting corona antigen rapid test results. DRK Odenwaldkreis Testerfassung March-2021 An operating system command injection vulnerability, which originates in the application's results.php Shell metacharacter injecti...

CVE-2021-28634

Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on...

PYSEC-2021-116

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output...

CVE-2021-36982

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall AIWAF devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...

CVE-2020-25206

CVE-2020-25206 affects Mimosa B5/B5c/C5x firmware up to 2.8.0.2. The web console exposes authenticated command injection in Throughput.php, WANStats.php, PhyStats.php, and QosStats.php endpoints, enabling an attacker with web-console access to execute OS commands and take full control of the devi...

GravCMS Remote Command Execution

This module exploits arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify...

GravCMS 1.10.7 Remote Command Execution Exploit

This Metasploit module exploits an arbitrary config write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and...

China Mobile An Lianbao WF-1 router 操作系统命令注入漏洞

China Mobile An Lianbao WF-1 router is a router from China Mobile China. China Mobile An Lianbao WF-1 router 1.0.1 suffers from an operating system command injection vulnerability, which originates in the api/ZRFirmware/settimezone set time zone interface, that can be exploited by remote attacker...

GravCMS 1.10.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...

CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...

CVE-2021-27102

Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later...

Accellion FTA 操作系统命令注入漏洞

Accellion File Transfer Appliance FTA is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912411 and earlier versions. The vulnerability can be exploited to execute...

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

Nagios XI 安全漏洞

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php in Nagio...

DELL EMC PowerScale 操作系统命令注入漏洞

Dell EMC PowerScale OneFS is an API-powered file system. An OS command injection vulnerability exists in Dell EMC PowerScale OneFS 8.1.0 - 9.1.0. An attacker with the ISIPRIVCLUSTER privilege could exploit this vulnerability to execute arbitrary OS commands on the underlying OS of an application...

Multiple Cisco Products OS Command Injection Vulnerabilities

The Cisco Small Business RV Series Routers is an RV series router from Cisco. An operating system command injection vulnerability exists in the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers, which can be exploited by an authenticated, remote attacker to inject arbitra...

LOGITEC CORPORATION LAN-W300N/PGRB Operating System Command Injection Vulnerability

LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...

OS command injection vulnerability in multiple Infoscience Corporation log management tools

Overview Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...

KLog Server OS Command Injection Vulnerability

KLog is ZhaoKaiQiang KLog individual developers of a logging tool for Android development . The tool's main functions are to print line numbers, function calls, Json parsing, XML parsing, click to jump, Log information saved and other functions. KLog Server 2.4.1 suffers from an OS command...

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...