CVE-2023-28400
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
Design/Logic Flaw
CVE-2023-28716
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
CVE-2023-29150
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
The vulnerability in the firmware of the INEA ME RTU remote terminal unit arises from the lack of measures taken to neutralize special elements used in operating system commands. This allows an attacker to execute arbitrary code.
The vulnerability in the firmware of the INEA ME RTU remote terminal unit exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-25133
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote...
Privilege escalation
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
PT-2023-20282 · Unknown · Tripledata Reporting Engine +1
Name of the Vulnerable Software and Affected Versions: Tripleplay Platform versions prior to 3.4.0
Description: The issue allows authenticated users to run unprivileged OS level commands via a crafted request payload. This is due to an OS Command Injection in the TripleData Reporting Engine...
The vulnerability of the mySCADA myPRO industrial process visualization and control system lies in the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.
The vulnerability of the mySCADA myPRO industrial process visualization and control system exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remote...
PT-2023-2168 · Myscada · Myscada Mypro
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions 8.26.0 and prior
Description: The issue exists due to the lack of measures to neutralize special elements used in operating system commands. This could allow a remote attacker to execute arbitrary commands. An...
The vulnerability of the graphical and application software interface of the FortiTester hardware-based diagnostic and audit software exists due to the failure to take measures to neutralize the special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the graphical and application software interface of the FortiTester hardware-based diagnostic and audit software exists due to the failure to take measures to neutralize the special elements used in the operating system command set. Exploiting this vulnerability allows a...
CVE-2023-28726
Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands...
PT-2023-21858 · Pymedusa · Pymedusa
Name of the Vulnerable Software and Affected Versions: pymedusa versions prior to 1.0.12
Description: pymedusa is an automatic video library manager for TV Shows. An attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary O...
CVE-2023-1304
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...
Design/Logic Flaw
DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...