1086 matches found

CNNVD
added 2022/11/09 12:0 a.m. · 2 views

Cisco Firepower Threat Defense and Cisco FXOS Software OS command injection vulnerability

Cisco Firepower Threat Defense (FTD) and Cisco FXOS Software are both products of Cisco, Inc. Cisco Firepower Threat Defense is a unified suite of software that provides next-generation firewall services. Cisco FXOS Software is a suite of firewall software that runs in Cisco security...

6.7 CVSS · 7 AI score · 0.00279 EPSS
Exploits 0 · References 4

CNNVD
added 2022/11/09 12:0 a.m. · 3 views

WAGO security vulnerability

WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is designed for use in industrial environments as an electronic system for the operation of digital algorithms. A security vulnerability exists in the WAGO I/O-Check Service, which can be exploited by an...

7.5 CVSS · 7.7 AI score · 0.01025 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/11/09 12:0 a.m. · 5 views

PT-2022-10353 · Wago · Wago I/O-Check Service

Name of the Vulnerable Software and Affected Versions: WAGO I/O-Check Service, affected versions not specified. Description: The issue allows an unauthenticated remote attacker to send a specially crafted packet containing OS commands, which can cause the iocheck process to crash and result in memo...

9.1 CVSS · 9 AI score · 0.01036 EPSS
Exploits 0 · References 2

Cvelist
added 2022/11/04 10:21 p.m. · 22 views

CVE-2022-43567 Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app...

8.8 CVSS · 8.9 AI score · 0.01194 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2022/10/31 12:0 a.m. · 5 views

The vulnerability of the Fortinet FortiClient for Mac security tool arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to bypass security restrictions and execute arbitrary commands.

The vulnerability of the Fortinet FortiClient for Mac protection tool is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows an attacker to bypass security restrictions and execute arbitrary commands...

7.8 CVSS · 7.5 AI score · 0.00436 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2022/10/25 12:0 a.m. · 4 views

Usermin OS command injection vulnerability

Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability exists in Usermin version 1.850 and earlier versions. An attacker can exploit this vulnerability to perform OS command injection attacks...

8.8 CVSS · 8 AI score · 0.02799 EPSS
Exploits 1 · References 4

Prion
added 2022/10/19 5:15 a.m. · 27 views

Design/Logic Flaw

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...

7.5 CVSS · 8.1 AI score · 0.86289 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2022/10/07 12:0 a.m. · 3 views

PT-2022-6359 · Dell Emc · Dell Emc Metro Node

Name of the Vulnerable Software and Affected Versions: Dell EMC Metro node versions prior to 7.1. Description: The issue is related to incorrect code generation management in the system, allowing a remote attacker to execute arbitrary commands. An authenticated nonprivileged attacker could...

9 CVSS · 8.9 AI score · 0.00833 EPSS
Exploits 0 · References 6

BDU FSTEC
added 2022/10/06 12:0 a.m. · 3 views

The vulnerability of the Administrative Console Framework software platform of IBM Spectrum Protect Plus allows a perpetrator to execute arbitrary code.

The vulnerability of the Administrative Console Framework of the IBM Spectrum Protect Plus software protection platform lies in the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execute...

10 CVSS · 8.1 AI score · 0.15491 EPSS
Exploits 0 · References 7 · Affected Software 1

CNNVD
added 2022/09/13 12:0 a.m. · 4 views

Crafter CMS security vulnerability

Crafter CMS is an open source content management system (CMS) for digital experience applications. A security vulnerability exists in Crafter CMS Crafter Studio versions prior to 3.1.23, which stems from improperly controlled dynamic management code resources that allow authenticated developers to...

7.2 CVSS · 7.3 AI score · 0.01221 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/09/08 8:15 a.m. · 2 views

CVE-2022-38094

OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...

8.8 CVSS · 7.5 AI score · 0.01536 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2022/09/08 12:0 a.m. · 4 views

Planex Holding SmaCam CS-QR10 and SmaCam Night Vision CS-QR20 authorization issue vulnerability

Planex Holding SmaCam CS-QR10 and Planex Holding SmaCam Night Vision CS-QR20 are both products of Planex Holding, Japan. Planex Holding SmaCam CS-QR10 is a networked smart camera. Planex Holding SmaCam Night Vision CS-QR20 is a network camera. A security vulnerability exists in all versions of the SmaCam...

6.8 CVSS · 7.1 AI score · 0.00341 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2022/08/29 12:0 a.m. · 5 views

The vulnerability of the KDDI Home Spot Cube2 router’s microprogramming software lies in the lack of measures to neutralize the special elements used in the operating system’s command set, allowing attackers to execute arbitrary operating system commands.

The vulnerability of the microprogrammed software of the KDDI Home Spot Cube2 relates to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands of the operating syste...

8.8 CVSS · 7.9 AI score · 0.00993 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/08/24 4:15 p.m. · 2 views

CVE-2022-2234

An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2022/08/24 12:0 a.m. · 3 views

Movable Type code injection vulnerability

Six Apart Movable Type (MT) is a blogging system from Six Apart USA. The system includes features such as multiple users, comments, quotes, and topics. A code injection vulnerability exists in Movable Type that originates from a specially crafted message that can be sent to the Movable Type XMLRPC...

9.8 CVSS · 6.3 AI score · 0.01854 EPSS
Exploits 0 · References 4

OSV
added 2022/08/23 2:15 a.m. · 2 views

CVE-2022-35733

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS...

9.8 CVSS · 6 AI score
Exploits 0 · References 2

CNNVD
added 2022/08/23 12:0 a.m. · 2 views

mySCADA myPRO OS command injection vulnerability

mySCADA myPRO is a software application. myPRO is a professional HMI/SCADA system designed for the visualization and control of industrial processes. An operating system command injection vulnerability exists in versions of mySCADA myPRO prior to 8.26.0. The vulnerability stems from an improper...

9.9 CVSS · 5.8 AI score · 0.41466 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/08/16 12:0 a.m. · 4 views

The vulnerability of the Reolink RLC-410W IP camera’s microprogramming software arises from the lack of measures taken to neutralize the special elements used in the operating system’s command set. This vulnerability allows an intruder to execute arbitrary commands.

The vulnerability of the Reolink RLC-410W IP camera’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.1 CVSS · 7.8 AI score · 0.27876 EPSS
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2022/08/16 12:0 a.m. · 5 views

The vulnerability of the Reolink RLC-410W camera’s microprogramming software arises from the lack of measures taken to neutralize the special elements used in the operating system’s command set. This allows an intruder to execute arbitrary commands.

The vulnerability of the Reolink RLC-410W IP camera’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.1 CVSS · 7.8 AI score · 0.27477 EPSS
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2022/07/29 12:0 a.m. · 3 views

Nintendo Wi-Fi Network Adaptor WAP-001 OS command injection vulnerability

The Nintendo Wi-Fi Network Adaptor WAP-001 is a network adapter from Nintendo of Japan. A security vulnerability exists in the Nintendo Wi-Fi Network Adaptor WAP-001 that could allow a user with access to the product management page to execute arbitrary operating system commands...

7.2 CVSS · 7.2 AI score · 0.0146 EPSS
Exploits 0 · References 4