1086 matches found
A vulnerability in the firmware of Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs stems from a failure to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.
A vulnerability in the firmware of Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs is related to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrar...
QNAP Systems Photo Station Command Injection Vulnerability
QNAP Systems Photo Station is an online photo album from QNAP Systems. It is used to organize multimedia content (photos and movies) on a QNAP NAS. A command injection vulnerability exists in QNAP Photo Station prior to version 6.4.2, which stems from an operating system command injection...
A vulnerability in the firmware of Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs arises from a failure to neutralize special elements used in operating system commands. This allows an attacker to execute arbitrary code.
A vulnerability in the firmware of Rosemount GC370XA, GC700XA, and GC1500XA gas chromatographs is related to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
Command injection
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafte...
CVE-2023-5372
The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafte...
Input validation
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating...
CVE-2024-1015
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...
UBUNTU-CVE-2023-38317
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
openNDS Security Vulnerabilities
openNDS is an open source, high-performance, small-footprint portal system. A security vulnerability exists in openNDS prior to version 10.1.3 that stems from a failure to sanitize a network interface name entry in a configuration file, allowing an attacker with direct or indirect access...
PT-2024-12709 · Opennds +1 · Opennds +1
Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 10.1.3. Description: An issue was discovered in OpenNDS where it fails to sanitize the gateway FQDN entry in the configuration file. This allows attackers with direct or indirect access to the configuration file to...
A vulnerability in the Atril document viewer relates to the possibility of command injection, which allows an attacker to execute arbitrary code.
A vulnerability in the Atril application for viewing multi-page documents is related to improper neutralization of special elements used in an OS command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
A vulnerability in the Network Diagnostic Commands function in the firmware of the SmartNode SN200 adapter allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
A vulnerability in the Network Diagnostic Commands function in the firmware of the SmartNode SN200 adapter lies in a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to...
PT-2024-1069 · Tp Link · Tp-Link Archer Ax5400 +2
Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX3000 versions; TP-Link Archer AX5400 versions; TP-Link Archer AXE75 versions. Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This allows a...
PT-2024-19047 · Tp Link · Tp-Link
Name of the Vulnerable Software and Affected Versions: TP-LINK products (affected versions not specified). Description: The issue allows a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has...
SAP Application Interface Framework Code Injection Vulnerability
SAP Application Interface Framework (SAP AIF) is an application interface framework from SAP. A code injection vulnerability exists in the SAP Application Interface Framework File Adapter, which can be exploited to allow an elevated privilege user to traverse layers and directly execute operating...
A vulnerability in the firmware of Proscend M330-w, M330-W5, M350-5G, M350-W5G, M350-6, M350-W6, M301-G, M301-GW, and ICR 111WG industrial routers stems from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
A vulnerability in the firmware of Proscend M330-w, M330-W5, M350-5G, M350-W5G, M350-6, M350-W6, M301-G, M301-GW, and ICR 111WG industrial routers is related to a failure to neutralize special elements used in operating system commands. Exploiting this...
Dell Virtual Appliance Manager Command Injection Vulnerability (CNVD-2024-0018561)
Dell Virtual Appliance Manager is a virtual appliance manager from Dell USA. A command injection vulnerability exists in Dell Virtual Appliance Manager, which can be exploited by an attacker to cause arbitrary operating system commands to be executed on an affected system...
A vulnerability in the Nagios XI monitoring tool arises from a failure to neutralize special elements used in an operating system command. This allows an attacker to execute arbitrary code with root privileges.
A vulnerability in the Nagios XI monitoring tool exists because special elements used in an operating system command are not neutralized. Exploiting this vulnerability allows a remote malicious actor to execute arbitrary code with root privileges by sending a...
A vulnerability in Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises from a failure to neutralize special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary commands.
A vulnerability in Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2023-48668
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands o...