1086 matches found
CVE-2021-22657
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
Design/Logic Flaw
mySCADA myPRO: Versions 8.20.0 and prior have a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands...
Design/Logic Flaw
mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
Design/Logic Flaw
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-43981 mySCADA myPRO
mySCADA myPRO: Versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-43984
The CVE-2021-43984 issue affects mySCADA myPRO up to version 8.20.0, where the firmware update feature may allow an attacker to inject arbitrary OS commands via a specific parameter. The vulnerability is categorized as an OS command injection with a high to critical impact (C/H/I/H) in multiple s...
CVE-2021-22657 mySCADA myPRO
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
mySCADA myPRO operating system command injection vulnerability
mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...
The vulnerability of the QNAP QVR video surveillance system lies in the lack of measures to neutralize special elements used in the operating system’s command set, allowing intruders to execute arbitrary commands.
The vulnerability of the QNAP QVR video surveillance system is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
CVE-2021-20853
ELECOM LAN routers WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior allow a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors...
elecom lan operating system command injection vulnerability
elecom lan is a router from Elecom Japan. Elecom lan suffers from an OS command injection vulnerability that stems from improper input validation. An attacker can exploit the vulnerability to pass carefully constructed data to an application and execute arbitrary OS commands on the target system...
Docker code injection vulnerability
Docker is an open source application container engine from the U.S. company Docker. The product supports creating containers (lightweight virtual machines) and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications throug...
Command injection
A command injection vulnerability was reported in the Integrated Management Module IMM of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session...
The vulnerability of the SCADA system “KRUG-2000” software lies in its failure to take measures to neutralize special elements used in the operating system’s commands. This allows an intruder to trigger a service failure or execute arbitrary code.
The vulnerability of the SCADA system “KRUG-2000” lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow an intruder to cause a service failure or execute arbitrary code by introducing arbitrary code into th...
Six Apart Movable Type Command Injection Vulnerability
Six Apart Movable Type is an application from Six Apart, Inc. A command injection vulnerability exists in Six Apart Movable Type due to incorrect input validation in the Movable Type XMLRPC API, which can be exploited by an unauthenticated remote attacker to execute arbitrary operating system...
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” allows a perpetrator to execute arbitrary code.
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...
The vulnerability of the firmware in Emerson WirelessHART Gateways of the 1420, 1410D, and 1410 series wireless hardware routers lies in the lack of measures to neutralize special elements used in the operating system’s command set. This allows a hacker to execute arbitrary commands.
The vulnerability of the firmware in Emerson WirelessHART Gateways of the 1420, 1410D, and 1410 series wireless hardware routers stems from the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remot...
Mail.ru: OS command injection on seedr.ru
site: https://seedr.ru The seedid parameter is vulnerable to OS command injection attacks. It is possible to use various shell metacharacters to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time...
CVE-2021-33693
SAP Cloud Connector, version 2.0, allows an authenticated administrator to modify a configuration file to inject malicious code that could potentially lead to OS command execution...