Lucene search

1086 matches found

RedhatCVE
added 2025/02/05 1:11 a.m. · 5 views

CVE-2024-20329

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

CVSS 9.9 · AI score 7.7 · EPSS 0.01158
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 12:10 a.m. · 4 views

CVE-2024-4696

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...

CVSS 7.5 · AI score 7.2 · EPSS 0.00442
Exploits: 0 · References: 1

NVD
added 2025/02/04 10:15 a.m. · 21 views

CVE-2024-40890

UNSUPPORTED WHEN ASSIGNED: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafte...

CVSS 8.8 · EPSS 0.1931
Exploits: 0 · References: 2

Cvelist
added 2025/02/04 10:2 a.m. · 19 views

CVE-2024-40891

UNSUPPORTED WHEN ASSIGNED: A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet...

CVSS 8.8 · EPSS 0.19406
Exploits: 0 · References: 1

Cvelist
added 2025/02/04 9:55 a.m. · 17 views

CVE-2024-40890

UNSUPPORTED WHEN ASSIGNED: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafte...

CVSS 8.8 · EPSS 0.1931
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/04 9:55 a.m. · 9 views

CVE-2024-40890

UNSUPPORTED WHEN ASSIGNED: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafte...

CVSS 8.8 · AI score 8.9 · EPSS 0.1931
Exploits: 0 · References: 1

CNNVD
added 2025/02/04 12:0 a.m. · 3 views

Zyxel VMG4325-B10A Operating System Command Injection Vulnerability

The Zyxel VMG4325-B10A is a modem from China Heqin Zyxel. An operating system command injection vulnerability exists in the Zyxel VMG4325-B10A version 1.00AAFR.4C020170615. An attacker could exploit this vulnerability to execute operating system (OS) commands...

CVSS 8.8 · AI score 9.6 · EPSS 0.19406
Exploits: 0 · References: 1

CNVD
added 2025/01/24 12:0 a.m. · 9 views

Palo Alto Networks Expedition Command Injection Vulnerability

Palo Alto Networks Expedition is a network security appliance used to provide firewall, intrusion detection, and prevention. The Palo Alto Networks Expedition suffers from a command injection vulnerability that can be exploited by an attacker to run arbitrary operating system commands, which can...

CVSS 7.7 · AI score 7.5 · EPSS 0.77653
Exploits: 0 · References: 1

CNVD
added 2025/01/23 12:0 a.m. · 9 views

Fortinet FortiVoice Operating System Command Injection Vulnerability

Fortinet FortiVoice is a network communications solution from Fortinet, Inc. Fortinet FortiVoice suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacke...

CVSS 6.7 · AI score 7.8 · EPSS 0.00616
Exploits: 0 · References: 1

Redos
added 2025/01/17 12:0 a.m. · 19 views

ROS-20250117-04

Visual Studio Code source code editor vulnerability is related to failure to take measures to neutralize the special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 7.8 · AI score 7.8 · EPSS 0.01002
Exploits: 0

ATTACKERKB
added 2025/01/14 2:15 p.m. · 1 view

CVE-2024-27778

An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....

CVSS 8.8 · AI score 5.7 · EPSS 0.00545
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2025/01/13 12:0 a.m. · 4 views

The vulnerability of the microprogrammed routing software of Four-Faith F3x24 and Four-Faith F3x36 arises from the failure to take measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.

The vulnerability of the microprogrammed routing software of Four-Faith F3x24 and Four-Faith F3x36 lies in the lack of measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 · AI score 7.8 · EPSS 0.82192
Exploits: 4 · References: 5 · Affected Software: 2

Vulnrichment
added 2025/01/08 12:0 a.m. · 6 views

CVE-2024-51442

Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file...

AI score 8 · EPSS 0.02232
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/06 12:0 a.m. · 2 views

PT-2025-1294 · Unknown · Stealthone D220 +2

Name of the Vulnerable Software and Affected Versions: STEALTHONE D220/D340/D440 (affected versions not specified). Description: A user with administrative privileges who logs in to the web management page of the affected product may execute an arbitrary OS command. The vulnerability is related to t...

CVSS 9 · AI score 7.7 · EPSS 0.01118
Exploits: 0 · References: 9

BDU FSTEC
added 2025/01/06 12:0 a.m. · 5 views

The vulnerability of the Swagger interface of the IBM WebSphere Automation platform for automating the management and deployment of applications and services allows a perpetrator to execute arbitrary code.

The vulnerability of the Swagger interface of the IBM WebSphere Automation platform for application and service automation and deployment is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious...

CVSS 9 · AI score 5.9 · EPSS 0.00956
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2025/01/02 12:0 a.m. · 24 views

BeyondTrust Remote Support (RS) <= 24.3.1 Multiple Vulnerabilities

The version of BeyondTrust Remote Support (RS) running on the remote host is prior or equal to 24.3.1. It is, therefore, potentially affected by multiple vulnerabilities. - All BeyondTrust Remote Support (RS) versions contain a command injection vulnerability which can be exploited through a maliciou...

CVSS 9.8 · AI score 8.6 · EPSS 0.87991
Exploits: 8 · References: 5

VulnCheck KEV
added 2024/12/18 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2019-11001

Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root...

CVSS 9 · AI score 7.3 · EPSS 0.38369
Exploits: 1 · References: 1

BDU FSTEC
added 2024/12/16 12:0 a.m. · 5 views

The vulnerability of the “sta_log_htm” application programming interface in the microprogramming-based wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the “sta_log_htm” application programming interface in the microprogramming-based wireless access points of Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO models exists due to the lack of measures taken to neutralize the special elements used in the operating syst...

CVSS 9 · AI score 5.5 · EPSS 0.01042
Exploits: 0 · References: 3 · Affected Software: 3

BDU FSTEC
added 2024/12/16 12:0 a.m. · 3 views

The vulnerability of the “mp_apply” application programming interface of the microprogramming devices for multifunctional wireless access points Advantech EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the “mp_apply” application programming interface of the microprogramming-based wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO exists due to the lack of measures taken to neutralize the special elements used in the operating system...

CVSS 9 · AI score 5.5 · EPSS 0.01042
Exploits: 0 · References: 3 · Affected Software: 3

CNNVD
added 2024/12/06 12:0 a.m. · 3 views

Ruijie Networks ReyeeOS Security Vulnerability

Ruijie Networks ReyeeOS is a router from Ruijie Networks China. A security vulnerability exists in Ruijie Networks ReyeeOS version 2.206.x up to and including version 2.320.x. An attacker can use this vulnerability to send a malicious message. An attacker could use this vulnerability to send a...

CVSS 9.8 · AI score 9.7 · EPSS 0.00677
Exploits: 0 · References: 1