1086 matches found
The vulnerability of the Standard Operation and Monitoring function in distributed control systems such as CENTUM VP and CENTUM VP Entry Class allows attackers to execute arbitrary commands.
The vulnerability of the Standard Operation and Monitoring function in distributed control systems such as CENTUM VP and CENTUM VP Entry Class exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow...
The vulnerability of the modular interface between web servers and web applications in Rack, related to improper neutralization of special elements used in operating system commands, allows attackers to execute arbitrary shell commands on the target system.
The vulnerability of the modular interface between web servers and web applications in Rack is related to improper input validation during data processing. This issue occurs when data is transmitted through the intermediate software Rack Lint and CommonLogger. Exploiting this vulnerability allows...
KDDI HOME SPOT CUBE OS Command Injection Vulnerability
KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Japan. KDDI HOME SPOT CUBE2 is vulnerable to an operating system command injection vulnerability, which stems from data received from a DHCP server not being processed properly. An attacker could use this vulnerability to execute arbitrary...
The vulnerability in the firmware of the Huawei CV81-WDM FW printer arises from the lack of measures taken to neutralize special elements used in the operating system command set. This vulnerability allows attackers to execute arbitrary operating system commands.
The vulnerability in the firmware of the Huawei CV81-WDM FW printer exists due to the lack of measures taken to neutralize the special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary operating system commands...
GHSA-77HF-23PQ-2G7C Code injection in Apache NiFi and NiFi Registry
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
CVE-2022-33140
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
Command injection
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
CVE-2022-33140
The Red Hat, CIRCL, OSV, and other connected feeds confirm CVE-2022-33140 affects Apache NiFi (1.10.0–1.16.2) and Apache NiFi Registry (0.6.0–1.16.2). The root cause is that the optional ShellUserGroupProvider does not neutralize arguments for group resolution commands, allowing command injection...
CVE-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
Carrier LenelS2 HID Mercury access panels Operating System Command Injection Vulnerability
Carrier LenelS2 HID Mercury access panels is a controller panel from Carrier, U.S.A. An operating system command injection vulnerability exists in Carrier LenelS2 HID Mercury access panels, which could be exploited by an attacker to pass specially crafted data to an application and execute...
VulnCheck KEV: CVE-2021-4039
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device...
Popcorn Time Cross-Site Scripting Vulnerability
Popcorn Time is a multi-platform BitTorrent client. Version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the Movies API Servers field of the settings page, which lacks validation and filtering of user-supplied data and output. An attacker could exploit the...
CVE-2022-25229
Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on, which allows the 'webpage' to use 'NodeJs' features; an attacker can leverage this to run OS commands...
CVE-2021-42852
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device...
Command injection
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device...
CVE-2021-42852
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device...
The vulnerability of the ImageProcessing software arises from the lack of measures taken to neutralize special elements used in the operating system’s command set, allowing attackers to execute shell commands.
The vulnerability of the ImageProcessing software exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute shell commands...
AVEVA InTouch Command Injection Vulnerability
AVEVA InTouch is an open and extensible HMI from AVEVA UK with intuitive graphical animation and scripting capabilities that provide incredible functionality and flexibility for application designers. A command injection vulnerability exists in AVEVA InTouch. The vulnerability stems from a failur...
Security Vulnerability in Multiple AVEVA Products
AVEVA InTouch is an open and extensible HMI from AVEVA UK with intuitive graphical animation and scripting capabilities that provide incredible functionality and flexibility for application designers. A command injection vulnerability exists in AVEVA InTouch. The vulnerability stems from a failur...
The vulnerability of the Plexus-utils package from the IBM Netezza Analytics extended analytics platform allows a hacker to execute arbitrary commands.
The vulnerability of the Plexus-utils package of the IBM Netezza Analytics extended analytics platform exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrar...