Crafter CMS Dynamic Management Code Resource Miscontrol Vulnerability (CNVD-2020-63996)
Crafter CMS is an open source content management system for websites, mobile apps, VR and more. A Dynamic Management Code Resource Miscontrol vulnerability exists in Crafter Studio in Crafter CMS. An attacker can exploit this vulnerability to execute OS commands via Groovy scripts...
The vulnerability of the RESTful API mechanism of the Kylin data processing platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the RESTful API mechanism of the Kylin data processing platform is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
ng-packagr Command Injection Vulnerability
ng-packagr is a JS extension library for individual developers. The library can be configured via a configuration file to package the developer's library into the APF format. A command injection vulnerability exists in ng-packagr versions prior to 10.1.1, which stems from command injection...
PT-2020-6848 · Sophos · Sophos Sg Utm
Name of the Vulnerable Software and Affected Versions: Sophos SG UTM versions prior to v9.705 MR5; Sophos SG UTM versions prior to v9.607 MR7; Sophos SG UTM versions prior to v9.511 MR11. Description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. The vulnerability is...
SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
The vulnerability of the CloudForms Management Engine, a software platform for managing virtual environments, arises from the lack of measures taken to eliminate special elements used in the operating system’s command set. This vulnerability allows attackers to execute arbitrary commands.
The software platform for managing virtual environments, CloudForms Management Engine, is vulnerable due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotel...
CVE-2020-14324
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through Infrastructure Migration Solution. This flaw allows attacker t...
PT-2020-13356 · Aerospike · Aerospike Community Edition
Name of the Vulnerable Software and Affected Versions: Aerospike Community Edition version 4.9.0.5. Description: The issue allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. Although it attempts to restrict code executio...
GHSA-GPRM-XQRC-C2J3 Command Injection in Kylin
Kylin has some RESTful APIs which will concatenate an OS command with the user input string; a user is likely to be able to execute any OS command without any protection or validation...
CVE-2020-7825
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform...
Command injection
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform...
The vulnerability of the executable file cgibin.exe of the D-Link DIR-865L router’s microprogramming system allows a hacker to execute arbitrary operating system commands.
The vulnerability of the executable file cgibin.exe of the D-Link DIR-865L router operating system exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of a node’s shell for the `curl` command, related to the failure to eliminate special elements used in operating system commands, allows a perpetrator to execute arbitrary commands.
The vulnerability of a node’s command-line interface for the curl command relates to the failure to address the special elements used in operating system commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary commands...
The vulnerability of the libnotify module in penetration testing software, such as the Metasploit Framework, allows a hacker to execute arbitrary commands.
The vulnerability of the libnotify module in testing software with the Metasploit Framework exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2020-13814 · Monstra · Monstra Cms
Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4. Description: The issue allows an attacker with administrative access to execute arbitrary OS commands via the Theme Module by visiting the "admin/index.php?id=themes&action=edit chunk" URI. This is achieved by...
PT-2020-2908 · D Link · D-Link Dir-865L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-865L Ax version 1.20B01 Beta. Description: The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary operating system commands. Th...
Lexiglot Operating System Command Injection Vulnerability
Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. An operating system command injection vulnerability exists in the admin.php script in Lexiglot versions 2014-11-20 and earlier. An attacker can exploit this vulnerability by adding a new item to execu...
Vim OS Command Injection Vulnerability
Vim is an editor for the UNIX platform. An operating system command injection vulnerability exists in Vim versions prior to 8.1.0881. The vulnerability can be exploited to bypass rvim restricted mode and execute arbitrary operating system commands with the help of a scripting interface, e.g.,...
CVE-2020-11950
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x and before XXXXX-VVTK-0XXXXBeta2 allow an authenticated user to upload and execute a script with resultant execution of OS commands. For example, this affects IT9388-HT devices...