Design/Logic Flaw

RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system OS commands...

RONDS EPM 信息泄露漏洞

RONDS EPM is an application from RONDS, Inc. An information disclosure vulnerability exists in RONDS EPM version 1.19.5. An attacker could exploit this vulnerability to execute operating system OS commands...

The vulnerability of FortiWeb web applications’ network firewalls arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code or perform arbitrary commands.

The vulnerability of FortiWeb web applications’ network firewalls exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform arbitrary commands usin...

Multiple vulnerabilities in MAHO-PBX NetDevancer series

Overview There are multiple vulnerabilities in the Management screen of MAHO-PBX NetDevancer series provided by Mahoroba Kobo, Inc. OS Command Injection CWE-78 - CVE-2023-22279 OS Command Injection CWE-78 - CVE-2023-22280 Cross-Site Request Forgery CWE-352 - CVE-2023-22286 Reflected Cross-site...

GHSA-P4QR-VQ2G-22WP ThinkPHP Framework vulnerable to remote code execution

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled langswitchon=true. An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

Siemens SICAM PAS/PQS Sensitive Information Plaintext Transfer Vulnerability

Siemens SICAM PAS/PQS is a software from Siemens with an operating system for energy automation and power quality. A security vulnerability exists in Siemens SICAM PAS/PQS versions prior to V7.0 due to the affected software transmitting database credentials for the built-in SQL server in clear...

The vulnerability of the microprogrammed software of the Ricon Mobile S9922XL and S9922L routers exists due to the failure to take measures to neutralize special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of the microprogrammed software of the Ricon Mobile S9922XL and S9922L routers exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2022-39044

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

The vulnerability of the tcpdump function in the web interface for managing Cisco Identity Services Engine (ISE) connections allows a hacker to execute arbitrary commands.

The vulnerability of the tcpdump web interface of the Cisco Identity Services Engine ISE management platform relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

The vulnerability of the graphical web interface for managing and monitoring ClusterLabs Hawk allows a perpetrator to execute arbitrary code.

The vulnerability of the graphical web interface for managing and monitoring ClusterLabs Hawk exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...

CVE-2022-44808

A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function execute...

Cisco Identity Services Engine Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to inject arbitrary operating system commands, bypass security protections, and conduct cross-site scripting attacks. For more information about these vulnerabilities, see the Details...

Six Apart Movable Type 代码注入漏洞

Six Apart Movable Type is an application from Six Apart USA. It provides features such as multiple users, comments, trackbacks, and threads. A security vulnerability exists in Six Apart Movable Type, which can be exploited to execute arbitrary Perl scripts and/or arbitrary operating system comman...

CVE-2022-20934

A vulnerability in the CLI of Cisco Firepower Threat Defense FTD Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands...

CVE-2021-34569

In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory...

CVE-2021-34567

In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read...

PT-2022-10356 · Wago · Wago I/O-Check Service

Name of the Vulnerable Software and Affected Versions: WAGO I/O-Check Service affected versions not specified Description: The issue allows an attacker to send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory. Recommendations: At the moment, there is...

WAGO 安全漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed for use in industrial environments as an electronic system for the operation of digital algorithms. A security vulnerability exists in the WAGO I/O-Check Service that originates from an unauthenticat...

WAGO 缓冲区错误漏洞

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is a digital algorithmic operating electronics system designed specifically for applications in industrial environments. A buffer error vulnerability exists in the WAGO I/O-Check Service, which originates from a...