1086 matches found

CVE
added 2023/03/15 12:0 a.m. · 108 views

CVE-2023-24229

Summary: CVE-2023-24229 affects DrayTek Vigor2960 (v1.5.1.4). An authenticated attacker with network access to the device’s web management interface can inject operating system commands through the mainfunction.cgi parameter, enabling arbitrary command execution. This vulnerability exists in a de...

CVSS 7.8 · AI score 7.5 · EPSS 0.06717
Exploits 1 · References 6 · Affected Software 1

Cvelist
added 2023/03/13 1:29 p.m. · 23 views

CVE-2023-0978

A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...

CVSS 6.4 · AI score 7.1 · EPSS 0.00385
Exploits 0 · References 1

Vulnrichment
added 2023/03/13 1:29 p.m. · 7 views

CVE-2023-0978

A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...

CVSS 6.4 · AI score 6.9 · EPSS 0.00385
Exploits 0 · References 1

CVE
added 2023/03/13 1:29 p.m. · 50 views

CVE-2023-0978

Summary: CVE-2023-0978 concerns Trellix Intelligent Sandbox CLI, affected in versions 5.2 and earlier, due to insufficient validation of CLI arguments that allows a local user to inject and execute arbitrary OS commands. Impact (as stated): local command execution with potential high impact on co...

CVSS 6.7 · AI score 6.9 · EPSS 0.00385
Exploits 0 · References 1 · Affected Software 2

BDU FSTEC
added 2023/03/06 12:0 a.m. · 7 views

The vulnerability of the npm systeminformation package on the Node.js software platform allows a hacker to execute arbitrary commands.

The vulnerability of the npm systeminformation package on Node.js platforms exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVSS 8.8 · AI score 7.5 · EPSS 0.9024
Exploits 4 · References 8 · Affected Software 2

NVD
added 2023/03/01 8:15 a.m. · 21 views

CVE-2023-20075

A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a...

CVSS 6.7 · AI score 6.6 · EPSS 0.00362
Exploits 0 · References 1

Prion
added 2023/03/01 8:15 a.m. · 22 views

Input validation

A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a...

CVSS 4 · AI score 6.9 · EPSS 0.00362
Exploits 0 · References 1 · Affected Software 1

BDU FSTEC
added 2023/03/01 12:0 a.m. · 5 views

The software platform for container deployment in the SUSE Rancher production environment is vulnerable. This vulnerability stems from the failure to address the need to neutralize certain special elements used in the operating system command set. This allows attackers to execute arbitrary commands.

The vulnerability of the software platform for container deployment in the SUSE Rancher wrangler production environment exists due to the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execu...

CVSS 10 · AI score 8.1 · EPSS 0.03759
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2023/02/23 12:0 a.m. · 3 views

pdf_info security vulnerability

pdfinfo is a pdfinfo command-line tool package by individual developer tomtaylor. A security vulnerability exists in pdfinfo version 0.5.3, which can be exploited by an attacker to execute operating system commands using a command chain...

CVSS 9.8 · AI score 8.6 · EPSS 0.03014
Exploits 2 · References 5

Tenable Nessus
added 2023/02/22 12:0 a.m. · 38 views

Cisco Email Security Appliance Arbitrary Code Execution (cisco-sa-esa-sma-privesc-9DVkFpJ8)

According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability in the CLI of Cisco ESA that could allow an authenticated, local attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper input validation in the CLI. An...

CVSS 6.7 · AI score 7.5 · EPSS 0.00362
Exploits 0 · References 3

F5 Networks
added 2023/02/21 6:44 p.m. · 23 views

K15399: Usermin remote vulnerability CVE-2014-3883

Security Advisory Description: Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. CVE-2014-3883. Impact: None. No F5 products are vulnerable to this vulnerability. Status: F5 Product Development has...

CVSS 6.8 · AI score 7.4 · EPSS 0.01295
Exploits 0

BDU FSTEC
added 2023/02/21 12:0 a.m. · 5 views

The vulnerability of the command-line interface (CLI) implementation of Zyxel networking devices allows a perpetrator to execute arbitrary commands.

The vulnerability of CLI implementations for Zyxel network devices involves a lack of measures to neutralize special elements used in OS commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

CVSS 8.3 · AI score 6.7 · EPSS 0.02806
Exploits 0 · References 3

BDU FSTEC
added 2023/02/21 12:0 a.m. · 4 views

The vulnerability of the Nagios XI monitoring tool’s script /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php allows an attacker to execute arbitrary commands.

The vulnerability of the Nagios XI monitoring tool’s script located at /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a...

CVSS 9 · AI score 8 · EPSS 0.72378
Exploits 7 · References 7 · Affected Software 1

Cvelist
added 2023/02/16 3:25 p.m. · 19 views

CVE-2023-20075

A vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. This vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a...

CVSS 6 · AI score 7.1 · EPSS 0.00362
Exploits 0 · References 1

BDU FSTEC
added 2023/02/15 12:0 a.m. · 5 views

The vulnerability of the lib/ajaxHandlers/ajaxAddTemplate.php component, a utility for managing network device configurations using the rConfig protocol, allows an attacker to execute arbitrary operating system commands.

The vulnerability of the lib/ajaxHandlers/ajaxAddTemplate.php utility, which is used to manage network device configurations in the rConfig framework, exists because special elements used in the operating system command are not properly eliminated. Exploiting this vulnerability allows a malicious...

CVSS 9 · AI score 8 · EPSS 0.36754
Exploits 5 · References 5 · Affected Software 1

Positive Technologies
added 2023/02/15 12:0 a.m. · 4 views

PT-2023-2971 · Cisco · Cisco Secure Email Gateway

Name of the Vulnerable Software and Affected Versions: Cisco Secure Email Gateway (affected versions not specified). Description: The issue is due to improper input validation in the CLI, allowing an authenticated, remote attacker to execute arbitrary commands by injecting operating system commands...

CVSS 6.7 · AI score 6.8 · EPSS 0.00362
Exploits 0 · References 5

Tenable Nessus
added 2023/02/14 12:0 a.m. · 40 views

Wago PFC200 Cloud Connectivity Multiple Command Injection (CVE-2019-5155)

An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.0214, version...

CVSS 9 · AI score 7.2 · EPSS 0.04614
Exploits 1 · References 2

BDU FSTEC
added 2023/01/31 12:0 a.m. · 5 views

The vulnerability of InHand Networks InRouter302’s microprogramming software arises from the failure to take measures to neutralize the special elements used in the operating system command set. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of InHand Networks InRouter302 microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9.9 · AI score 8.1 · EPSS 0.08599
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2023/01/23 12:0 a.m. · 5 views

EdgeNexus ADC operating system command injection vulnerability

EdgeNexus ADC is a powerful and easy-to-use load balancer from EdgeNexus. An operating system command injection vulnerability exists in EdgeNexus ADC version 4.2.8, which stems from the presence of a command injection vulnerability that allows an authenticated attacker to execute arbitrary comman...

CVSS 8.8 · AI score 8.4 · EPSS 0.03546
Exploits 1 · References 3

BDU FSTEC
added 2023/01/19 12:0 a.m. · 5 views

The vulnerability of Microprogrammed Software for InHand Networks’ InRouter 302 and InRouter 615 routers arises from the failure to take measures to neutralize special elements used in the operating system command. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of InHand Networks InRouter 302 and InRouter 615 lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges by sending a specially...

CVSS 9 · AI score 7.9 · EPSS 0.01638
Exploits 0 · References 3 · Affected Software 2