proxy-down OS Command Injection Vulnerability
proxyee-down is a free, open source, high-speed HTTP downloader built on netty. It supports custom HTTP request downloads and extensions, which can be installed to meet special download requirements. Proxyee-down suffers from an operating system...
PT-2021-21488 · D Link · Dsl-2750U
Name of the Vulnerable Software and Affected Versions: D-Link router DSL-2750U versions vME1.16 and prior. Description: The issue allows an unauthenticated attacker on the local network to modify the configuration and execute any OS commands on the vulnerable device. Recommendations: For D-Link...
Nagios XI OS Command Injection Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI Switch Wizard, which stems from the fact that Nagios XI...
Nagios XI OS Command Injection Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI Switch Wizard, which stems from the fact that Nagios XI Switc...
Palo Alto Networks PAN-OS OS Command Injection Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. An operating system command injection vulnerability exists in the Palo Alto Networks PAN-OS web, which stems from an operating system command injection vulnerability in the Palo Alt...
aaPanel Security Vulnerability
aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel LinuxStable 6.8.12, which allows attackers to conduct cross-site WebSocket hijacking (CSWH) and OS commands in WebSocket messages...
CVE-2020-25206
The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafte...
CVE-2021-28634
Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on...
A vulnerability in the FortiWeb web application firewall arises from a failure to neutralize special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary commands.
A vulnerability in the FortiWeb web application firewall exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely, using the SAML serve...
A vulnerability in Adobe After Effects, a video and dynamic image editing application, lies in a failure to neutralize special elements used in operating system commands, allowing an attacker to execute arbitrary OS commands on the target system.
A vulnerability in Adobe After Effects, a video and dynamic image editing application, relates to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary OS commands on the target...
A vulnerability in the node-notifier package, related to a failure to neutralize special elements used in operating system commands, allows an attacker to execute arbitrary code.
A vulnerability in the node-notifier package is related to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary code...
MyQ X OS Command Injection Vulnerability
MyQ X is an application of myq-solution. It neatly organizes past and active projects in one place and centralizes their management in one interface. A security vulnerability exists in MyQ X Smart versions prior to 8.2, which can be exploited by an attacker to inject arbitrary OS commands via the...
VulnCheck KEV: CVE-2020-24581
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. It contains an executecmd.cgi feature that is not reachable via the web user interface that lets an authenticated user execute Operating System commands...
A vulnerability in the webSetEMailAlert function of the embedded web server, caused by insufficient validation of input data, allows a malicious user to elevate their privileges and execute operating system commands.
A vulnerability in the webSetEMailAlert function of the embedded web server is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to elevate their privileges and execute operating system commands...
Cisco DNA Spaces OS Command Injection Vulnerability (CNVD-2021-37121)
Cisco DNA Spaces is an indoor location services platform from Cisco (United States). An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.3.1, which can be exploited by an attacker to execute arbitrary operating system commands o...
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) lies in a failure to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands with root privileges.
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...
CVE-2021-21550
Dell EMC PowerScale OneFS 8.1.0-9.1.0 contains an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
A vulnerability in the DestIP parameter of the firmware for Moxa MGate 5105-MB-EIP industrial Ethernet switches allows an attacker to elevate their privileges or execute arbitrary code.
A vulnerability in the DestIP parameter of the firmware for the Moxa MGate 5105-MB-EIP industrial Ethernet switch relates to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a remote attacker to elevate their...
Symantec Security Analytics Web UI OS Command Injection Vulnerability
Symantec Security Analytics Web UI is an application from Symantec Corporation, USA. Symantec Security Analytics suffers from an operating system command injection vulnerability that results from improper input validation. An unauthenticated, remote attacker could use this vulnerability to send...
PT-2021-14497 · Grav · Grav Admin Plugin
Name of the Vulnerable Software and Affected Versions: Grav Admin Plugin versions 1.10.7 and earlier. Description: The issue allows an unauthenticated user to execute certain methods of the administrator controller without credentials, resulting in arbitrary YAML file creation or modification. Thi...