1086 matches found
WAGO PFC 200 Operating System Command Injection Vulnerability
The WAGO PFC 200 is a programmable logic controller (PLC) from the German company WAGO. An operating system command injection vulnerability exists in the cloud connectivity feature of the WAGO PFC 200 using firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. The vulnerability stems from a...
WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16844)
The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A command injection vulnerability exists in the I/O-Check function of the iocheckd service in the WAGO PFC200. The vulnerability arises from a network system or product not properly filtering special characters, commands,...
Command injection
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version 03.02.0214, version...
CVE-2019-19292
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit...
CVE-2020-9380
IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script...
Druva inSync Windows Client Arbitrary OS Command Execution Vulnerability
Druva inSync Client is a lightweight application that manages data backups and allows collaboration with other users. Druva inSync Windows Client is for Windows. An arbitrary operating system command execution vulnerability exists in Druva inSync Windows Client 6.5.0. The vulnerability stems from...
CVE-2020-9021
The CVE-2020-9021 entry affects Post Oak AWAM Bluetooth Field Device models (e.g., 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, 7800SD.2012.12.5). The root cause is injection of operating system commands via timeconfig.py through shell metacharacters in the htmlNtpServer parameter...
Artica Pandora FMS Remote Code Execution Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. Artica Pandora FMS suffers from a remote code execution vulnerability that can be exploited by an attacker to execute...
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows an attacker to execute arbitrary commands.
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager (DCNM) system exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on t...
Design/Logic Flaw
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates Home - Settings - Email Templates or themes Home - Settings - Themes, can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache...
PT-2020-15303 · Jenkins · Jenkins Sounds Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sounds Plugin version 0.5 and earlier. Description: The issue allows attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins, due to a lack of permission checks in URLs performing form...
Avast Premium Security Arbitrary OS Command Execution Vulnerability
Avast Premium Security is a comprehensive security software that prevents viruses, spyware and other malicious threats from infecting your PC. An arbitrary OS command execution vulnerability exists in Avast Premium Security 19.8.2393. An attacker can exploit this vulnerability to execute arbitrar...
The vulnerability of the command-line interface of the DBA-1510P router software allows a hacker to execute arbitrary operating system commands.
The vulnerability of the command-line interface of the DBA-1510P router firmware exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
Cisco Data Center Network Manager REST API Command Injection Vulnerability
Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A REST API command injection vulnerability exists in Cisco Data Center Network...
PT-2020-1371 · Cisco · Cisco Data Center Network Manager
Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager (DCNM), affected versions not specified. Description: The issue arises due to the failure to neutralize special elements used in the operating system command. This could allow a remote attacker to execute arbitra...
Multiple TRENDnet Products OS Command Injection Vulnerabilities
The TRENDnet TEW-651BR, among others, is a wireless router from TRENDnet. An operating system command injection vulnerability exists in the TRENDnet TEW-651BR version 2.04B1, TEW-652BRP version 3.04b01, and TEW-652BRU version 1.00b12. The vulnerability stems from the failure of a network system o...
The vulnerability of the External Port component of the TP-Link M7350 microprogramming system’s route blocker lies in its lack of measures to neutralize special elements used in the operating system commands. This allows a hacker to execute arbitrary commands.
The vulnerability of the External Port component of the TP-Link M7350 microprogramming system controller exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the Internal Port component of the TP-Link M7350 microprogramming system’s route blocker lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary commands.
The vulnerability of the Internal Port component of the TP-Link M7350 microprogramming system controller exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the Port Triggering function in TP-Link M7350 microprogramming devices arises from the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.
The vulnerability of the Port Triggering function in TP-Link’s M7350 route switch software exists because measures to neutralize the special elements used in the operating system commands are not taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
VulnCheck KEV: CVE-2019-17270
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...