1086 matches found
workflow-cps-global-lib: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Jenkins Pipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...
workflow-multibranch: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This allows attackers to...
ManageEngine ADSelfService Plus Custom Script Execution Exploit
This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided...
CVE-2022-27188
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute ...
Crestron Multiple Products Command Injection Vulnerability
Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
CVE-2022-0999
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...
Authentication flaw
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...
CVE-2022-0999 mySCADA myPRO Command Injection
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior...
Github Git Operating System Command Injection Vulnerability
Github Git is a free, open source distributed version control system. An operating system command injection vulnerability exists in Github Git, which stems from the lack of cleanup functionality in the Git.git method, allowing the execution of operating system commands instead of just the git...
Fortinet FortiWLM Command Injection Vulnerability
A command injection vulnerability exists in Fortinet FortiWLC, a wireless LAN controller from Fortinet, which stems from a failure to properly validate input data in the alert dashboard and controller configuration handler. HTTP requests and execute arbitrary operating system commands on the targ...
PT-2022-17113 · Jenkins · Jenkins Pipeline: Shared Groovy Libraries Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Shared Groovy Libraries Plugin versions 552.vd9cc05b8a2e1 and earlier; Jenkins Pipeline: Shared Groovy Libraries Plugin version 2.18.1; Jenkins Pipeline: Shared Groovy Libraries Plugin version 2.21.1. Description: The issue...
The vulnerability of the software responsible for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the failure to take measures to neutralize special elements used in the OS commands. This allows a malicious actor to execute arbitrary commands with superuser privileges.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the lack of measures taken to neutralize special elements used in the OS commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
PT-2022-8910 · Liferay · Liferay Portal Server
Name of the Vulnerable Software and Affected Versions: Liferay Portal Server versions 7.2.0 GA1 through 7.3.5 GA6. Description: The issue allows an administrator user to inject commands through the Gogo Shell module, enabling the execution of any OS command on the Liferay Portal Server. This is...
CVE-2021-45912
An unauthenticated Named Pipe channel in Controlup Real-Time Agent cuAgent.exe before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method...
CVE-2021-35031
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device...
CVE-2021-43981
mySCADA myPRO versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-43984
mySCADA myPRO versions 8.20.0 and prior have a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-23198
mySCADA myPRO versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...