1086 matches found
Path traversal
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
The vulnerability of spam filtering systems using Perl-based text analysis tools like SpamAssassin arises from the failure to address the special elements used in operating system commands. This allows attackers to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of spam filtering systems that use Perl-based text analysis, such as SpamAssassin, is related to incorrect configuration of malicious rules or configuration files, which may have been uploaded from the update server. Exploiting this vulnerability can allow a remote attacker to...
BMC Control-M/Agent Command Injection Vulnerability
Control-M is one of BMC's most important automation control products, and is the world's leading integrated business scheduling solution for cross-platform and cross-application job scheduling. A security vulnerability exists in BMC Control-M/Agent when using the TCP protocol, which can be...
BMC Control-M/Agent Command Injection Vulnerability (CNVD-2020-26845)
Control-M is one of BMC's most important automation control products, and is the world's leading integrated business scheduling solution for cross-platform and cross-application job scheduling. A security vulnerability exists in the communication between BMC Control-M/Agent and Control-M/Server...
Beeline Smart Box Operating System Command Injection Vulnerability
The Beeline Smart Box is a wireless router from the Russian company Beeline. A security vulnerability exists in Beeline Smart Box version 2.0.38. An attacker can exploit this vulnerability via the 'Ping pingipaddr', 'Nslookup nslookupipaddr' or 'Traceroute tracerouteipaddr' parameters to execute...
CVE-2020-8639
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...
Unrestricted file upload
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system...
ZEVENET Zen Load Balancer Operating System Command Injection Vulnerability
ZEVENET Zen Load Balancer is an application delivery controller from ZEVENET Spain. A security vulnerability exists in Manage::Certificates in ZEVENET Zen Load Balancer version 3.10.1. An attacker can exploit this vulnerability with the help of parameters such as 'certissuer' with shell...
EKAKIN Shihonkanri Plus GOOUT Operating System Command Injection Vulnerability
EKAKIN Shihonkanri Plus GOOUT is a CGI (Common Gateway Interface) from EKAKIN Japan. An operating system command injection vulnerability exists in EKAKIN Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10. A remote attacker could exploit this vulnerability to execute arbitrary operating system commands...
The vulnerability of Cisco Remote PHY device’s software lies in the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands in the Linux shell with root privileges.
The vulnerability of Cisco Remote PHY device software relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands in the Linux shell with root privileges...
Centreon OS Command Injection Vulnerability (CNVD-2020-21244)
Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions on the network, system and application resources. Centreon 19.04.4 and earlier versions of the minPlayCommand.php file operating system...
Dell EMC Data Protection Advisor OS Command Execution Vulnerability
Dell EMC Data Protection Advisor is a data protection management solution from Dell. The product supports data backup, data recovery and data replication management. A security vulnerability exists in the REST API in Dell EMC Data Protection Advisor. An attacker could exploit this...
PerlSpeak Command Execution Vulnerability
PerlSpeak is a module that supports converting text to speech. A security vulnerability exists in PerlSpeak 2.01 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary operating system commands...
CVE-2020-10674
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open...
UBUNTU-CVE-2020-10674
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open...
WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16842)
The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A command injection vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC200 03.02.0214. An attacker can exploit this vulnerability to inject OS commands via specially crafted XML cache files...
WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16847)
The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A command injection vulnerability exists in the I/O-Check function of the iocheckd service in the WAGO PFC200. The vulnerability arises from a network system or product not properly filtering special characters, commands,...
WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16846)
The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A command injection vulnerability exists in the I/O-Check function of the iocheckd service in the WAGO PFC200. The vulnerability arises from a network system or product not properly filtering special characters, commands,...
WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16845)
The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A command injection vulnerability exists in the I/O-Check function of the iocheckd service in the WAGO PFC200. The vulnerability arises from a network system or product not properly filtering special characters, commands,...