jw.util Operating System Command Injection Vulnerability
jw.util is a Python-based utility package that includes modules for versioning, file handling, and YAML configuration. jw.util suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability by inserting Python into a loaded YAML file to execute arbitrary...
Dell EMC RSA Archer Operating System Command Injection Vulnerability
Dell EMC RSA Archer is an enterprise IT governance and compliance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An operating system command injection vulnerability exists in versions...
CVE-2019-19217
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection...
CVE-2020-12246
Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...
Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13481)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the 'Device Name' in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute arbitrary system commands to take control of the device...
Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13473)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the Moxa AWK-3131A using firmware version 1.13. The vulnerability can be exploited to execute arbitrary busybox commands and take control of the device with the help of specially...
DEBIAN-CVE-2013-2024
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0...
CVE-2019-11364
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNASshare parameter...
Cisco Integrated Management Controller Operating System Command Injection Vulnerability (CNVD-2019-28403)
Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. There is a...
Geutebrück G-Cam and G-Code OS Command Injection Vulnerabilities
G-Cam is a series of webcams from Geutebrück. G-Code is an analog video encoder from Geutebrück. An OS command injection vulnerability exists in Geutebrück G-Cam and G-Code. The vulnerability stems from a network system or product not properly filtering special characters, commands, etc. from...
CVE-2019-3727
Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root...
Motorola C1 and Motorola M2 OS Command Injection Vulnerability (CNVD-2019-34642)
The Motorola C1 and Motorola M2 are both routers from Motorola USA. An operating system command injection vulnerability exists in the Motorola C1 and Motorola M2. The vulnerability can be exploited to execute arbitrary operating system commands with the help of a specially crafted request...
CVE-2018-9285
MainAnalysisContent.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.38410007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before...
ClipBucket OS Command Injection Vulnerability
ClipBucket is an open source video sharing software developed by Arslan team. The software allows you to share videos to video sites and supports the lights off effect when watching a movie. A security vulnerability exists in versions prior to ClipBucket 4.0.0 Release 4902. The vulnerability can ...
MISP app/Controller/ServersController.php file OS command injection vulnerability
MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats, cybersecurity event analysis and malware analysis. A security vulnerability exists in the app/Controller/ServersController.php file in MISP version 2.4.87. An...
MP Form Mail CGI eCommerce Edition vulnerable to OS command injection
Overview: MP Form Mail CGI eCommerce Edition provided by futomi Co., Ltd. is a CGI used to send mail from a web form. MP Form Mail CGI eCommerce Edition contains an OS command injection vulnerability (CWE-78). Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...
CVE-2017-6224
Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x less than 10.0.1.0.17 MR1 release and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local...
UBUNTU-CVE-2017-7413
In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email...
PC-EGG pWebManager OS Command Injection Vulnerability
PC-EGG pWebManager is a static HTML homepage template tool based on the PHP language. A security vulnerability exists in PC-EGG pWebManager versions prior to 3.3.10 and pWebManager for PHP4 versions prior to 2.2.2. A remote attacker can exploit this vulnerability to execute arbitrary OS...
Operating System Command Injection Vulnerability in Multiple TYPE-MOON Products
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + are all game products of the Japanese company TYPE-MOON. A security vulnerability exists in several TYPE-MOON products. A remote attacker could exploit the vulnerability to execute arbitrary OS command...