439 matches found

Cvelist
added 2020/08/06 3:45 p.m. · 14 views

CVE-2020-7352 GOG Galaxy GalaxyClientService Privilege Escalation

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with an embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

CVSS 8.4 · AI score 8.8 · EPSS 0.1073
Exploits 5 · References 2

CNVD
added 2020/06/04 12:0 a.m. · 1 views

IBM Security Guardium OS Command Injection Vulnerability (CNVD-2020-32648)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an operating system command injecti...

CVSS 9 · AI score 8 · EPSS 0.09462
Exploits 0 · References 1

CNVD
added 2020/03/12 12:0 a.m. · 1 views

WAGO PFC200 OS Command Injection Vulnerability (CNVD-2020-19519)

The WAGO PFC200 is a programmable logic controller (PLC) from WAGO, Germany. The WAGO PFC200 suffers from an operating system command injection vulnerability that can be exploited by an attacker to inject operating system commands into the value of the TimeoutPrepared parameter contained in the...

CVSS 7.2 · AI score 7.8 · EPSS 0.02838
Exploits 1 · References 1

OSV
added 2020/02/24 5:15 p.m. · 2 views

ALPINE-CVE-2020-9366

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact...

CVSS 9.8 · AI score 7.8 · EPSS 0.00729
Exploits 0 · References 1

CNVD
added 2020/02/19 12:0 a.m. · 1 views

IXP EasyInstall Operating System Command Injection Vulnerability

IXP EasyInstall is a third-party library management tool used to download and install Python libraries; it makes third-party Python libraries easy to manage. An operating system command injection vulnerability exists in IXP EasyInstall version 6.2.13723. The vulnerability is...

CVSS 10 · AI score 8.1 · EPSS 0.21791
Exploits 1 · References 1

CNVD
added 2020/02/04 12:0 a.m. · 0 views

git-diff-apply OS Command Injection Vulnerability

git-diff-apply is a package for getting git diff files and applying them to local branches. An operating system command injection vulnerability exists in the index.js file in versions of git-diff-apply prior to 0.22.2. The vulnerability stems from a network system or product not properly filterin...

CVSS 9.8 · AI score 7.4 · EPSS 0.00195
Exploits 1 · References 1

GithubExploit
added 2020/01/28 11:27 p.m. · 3 views

Exploit for OS Command Injection in Intelliantech Aptus_Web

Satellian-CVE-2020-7980 Satellian is a PoC script that shows R...

CVSS 10 · AI score 6.8 · EPSS 0.93844
Exploits 7

CNVD
added 2019/12/12 12:0 a.m. · 1 views

Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09704)

Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...

CVSS 8.8 · AI score 7.7 · EPSS 0.00731
Exploits 1 · References 1

OSV
added 2019/10/24 3:15 p.m. · 1 views

CVE-2019-13652

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5)...

CVSS 9.8 · AI score 7.3 · EPSS 0.04013
Exploits 1 · References 1

Prion
added 2019/10/18 5:15 p.m. · 14 views

Code injection

DISPUTED An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an...

CVSS 10 · AI score 9.9 · EPSS 0.00638
Exploits 1 · References 3

OSV
added 2019/07/01 7:15 p.m. · 1 views

CVE-2019-7670

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

CVSS 7.2 · AI score 7.2 · EPSS 0.26228
Exploits 5 · References 4

CNVD
added 2019/05/14 12:0 a.m. · 2 views

Gemalto Ezio Server Operating System Command Injection Vulnerability

Gemalto Ezio Server is an authentication server from Gemalto USA. An operating system command injection vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to execute illegal operating system commands...

CVSS 8 · AI score 8 · EPSS 0.01531
Exploits 2 · References 1

OSV
added 2019/01/09 11:29 p.m. · 1 views

CVE-2018-16194

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors...

CVSS 7.2 · AI score 6
Exploits 0 · References 2

Packet Storm
added 2019/01/08 12:0 a.m. · 35 views

Mailcleaner Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...

AI score 0.1 · EPSS 0.7532
Exploits 3

Packet Storm
added 2019/01/07 12:0 a.m. · 26 views

Mailcleaner Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...

AI score 0.1
Exploits 0

Metasploit
added 2018/12/19 2:35 p.m. · 13 views

Mailcleaner Remote Code Execution

This module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user which is root. /admin/managetracing/search/search endpoint takes several user inputs and then...

CVSS 8.8 · AI score 1 · EPSS 0.7532
Exploits 3

Positive Technologies
added 2018/09/07 12:0 a.m. · 2 views

PT-2018-1554 · Nordvpn · Nordvpn

Name of the Vulnerable Software and Affected Versions: NordVPN version 6.14.28.0
Description: The issue is caused by the failure to neutralize special elements used in an operating system command. Exploitation of this issue can allow an attacker to execute arbitrary commands or code with SYSTEM...

CVSS 9.3 · AI score 8.3 · EPSS 0.00519
Exploits 2 · References 9

Cvelist
added 2018/08/23 10:0 p.m. · 17 views

CVE-2018-3856

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of...

CVSS 9.9 · AI score 9.7 · EPSS 0.04805
Exploits 2 · References 1

OSV
added 2018/07/02 4:29 p.m. · 2 views

CVE-2018-9276

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability both on the server and on devices by sending malformed parameters in sensor or...

CVSS 7.2 · AI score 5.8 · EPSS 0.87952
Exploits 11 · References 5

Positive Technologies
added 2018/07/02 12:0 a.m. · 2 views

PT-2018-18954 · Paessler · Prtg Network Monitor

Name of the Vulnerable Software and Affected Versions: PRTG Network Monitor versions prior to 18.2.39
Description: An issue was discovered that allows an attacker with access to the PRTG System Administrator web console and administrative privileges to exploit an OS command injection vulnerabilit...

CVSS 9 · AI score 7.3 · EPSS 0.87952
Exploits 11 · References 17