1086 matches found
CVE-2025-36606
Dell Unity, versions 5.5 and prior, contains an OS Command Injection Vulnerability in its svcnfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges...
A vulnerability in the graphical interface of Git, a distributed version control system for software development by Microsoft Visual Studio, allows an attacker to execute arbitrary commands.
A vulnerability in the graphical interface of Git, a distributed version control system for software development by Microsoft Visual Studio, exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability could allow a...
Nokia WaveSuite NOC Security Vulnerability
Nokia WaveSuite NOC is a unified operations and maintenance platform for optical networks from Nokia Finland. A security vulnerability exists in Nokia WaveSuite NOC that stems from a command that allows unfiltered user input to be passed to the underlying operating system for execution, potential...
MB Connect Line mbNET.mini OS Command Injection Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from an operating system command injection vulnerability that stems from improper...
D-Link DI-7300G+ Command Injection Vulnerability
The D-Link DI-7300G+ is a ruggedized, enterprise-grade smart gateway from China-based D-Link. The D-Link DI-7300G+ suffers from a command injection vulnerability that is caused by a flaw in httpddebug.asp. An attacker can exploit this vulnerability to execute arbitrary operating system commands o...
Conductor Security Vulnerability
Conductor is an event-driven orchestration platform for the Orkes community. A security vulnerability exists in Conductor version v3.21.11, which stems from unrestricted access to Java classes and could lead to the execution of arbitrary OS commands...
CVE-2025-34044
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation eviden...
A vulnerability in HDL-T hard disk firmware stems from a failure to neutralize special elements used in operating system commands, allowing an attacker to execute arbitrary code.
A vulnerability in HDL-T hard disk firmware stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CrafterCMS Security Vulnerability
CrafterCMS is a Java-based CMS from CrafterCMS, Inc. A security vulnerability exists in CrafterCMS versions 4.0.0 through 4.2.2 that stems from a Groovy sandbox bypass resulting in OS commands that can be executed by certified developers...
A vulnerability in Dell Storage Manager’s cluster management software stems from a failure to neutralize special elements used in operating system commands, allowing an attacker to execute arbitrary code.
A vulnerability in Dell Storage Manager’s cluster management software stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-28767
The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50W series firmware versions 5.10 through 5.36, USG20W-VPN series firmware versions 5.10 through 5.36, and VP...
CVE-2023-28716
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
CVE-2023-28384
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
A vulnerability in the FUN_00459fdc function of the Totolink A3002R router’s firmware allows an intruder to execute arbitrary commands.
A vulnerability in the FUN_00459fdc function of the Totolink A3002R router’s firmware stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2022-40799
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...
CVE-2022-20964
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the...
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-42852
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device...
CVE-2019-3929
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...
CVE-2019-5156
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command...