
451 matches found

OSV
added 2023/01/17 5:15 p.m., 3 views

CVE-2022-3091

RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands...

CVSS 7.5 | AI score 5.9 | EPSS 0.00629
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2023/01/12 5:50 a.m., 2 views

Multiple vulnerabilities in PIXELA PIX-RT100

Overview PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Backdoor access issue CWE-912 - CVE-2023-22316 MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the develop...

CVSS 8.8 | AI score 7.8 | EPSS 0.00893
Exploits: 0 | References: 8

OSV
added 2023/01/11 2:15 a.m., 3 views

CVE-2022-48252

The jokob-sk/Pi.Alert fork before 22.12.20 of Pi.Alert allows Remote Code Execution via nmapscan.php scan parameter OS Command Injection...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 1

CNNVD
added 2023/01/11 12:00 a.m., 3 views

MAHO-PBX NetDevancer series operating system command injection vulnerability

The MAHO-PBX NetDevancer series is an IP-PBX system from MAHO-PBX Japan. A security vulnerability exists in the MAHO-PBX NetDevancer, which is caused by an operating system command injection in the Management screen, and can be exploited by a remote attacker to execute arbitrary operating system...

CVSS 9.8 | AI score 8.9 | EPSS 0.01127
Exploits: 0 | References: 4

Japan Vulnerability Notes
added 2022/12/02 5:57 a.m., 4 views

Multiple vulnerabilities in UNIMO Technology digital video recorders

Overview Multiple digital video recorders provided by UNIMO Technology Co., Ltd contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2022-44620 OS Command Injection CWE-78 - CVE-2022-44606 Hidden Functionality CWE-912 - CVE-2022-43464 The reporter states that attac...

CVSS 8.8 | AI score 7.8 | EPSS 0.0147
Exploits: 0 | References: 11

ICS
added 2022/11/15 12:00 a.m., 61 views

Mitsubishi Electric GT SoftGOT2000

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: GT SoftGOT2000 Vulnerability: Operating System (OS) Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

CVSS 10 | AI score 9.8 | EPSS 0.95764
Exploits: 1 | References: 4

CNNVD
added 2022/11/03 12:00 a.m., 4 views

IBM InfoSphere Information Server operating system command injection vulnerability

IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM), Inc. IBM InfoSphere Information Server version 11.7 contains an operating system command injection vulnerability that can be exploited by a locally authenticated attacker to execute arbitrar...

CVSS 7.8 | AI score 7.8 | EPSS 0.00307
Exploits: 0 | References: 2

Veracode
added 2022/10/14 9:35 a.m., 27 views

Command Injection

kylin is vulnerable to command injection. The vulnerability exists when overwriting system parameters in the configuration overwrites menu which allows an attacker to send a specially crafted request using the value parameter and inject any operating system command into the system...

CVSS 9.8 | AI score 9.1 | EPSS 0.84777
Exploits: 0 | References: 4 | Affected Software: 4

OSV
added 2022/10/13 1:15 p.m., 21 views

CVE-2022-24697

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 9.8 | AI score 7.1
Exploits: 0 | References: 2

CNNVD
added 2022/09/20 12:00 a.m., 3 views

Aruba Networks ClearPass Policy Manager operating system command injection vulnerability

Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. An operating system command injection vulnerability exists in Aruba Networks ClearPass Policy Manager versions 6.10.6 and earlier, 6.9.11 and earlier,...

CVSS 7.2 | AI score 7.4 | EPSS 0.01321
Exploits: 0 | References: 2

CNVD
added 2022/09/19 12:00 a.m., 40 views

D-Link DIR-2150 OS Command Injection Vulnerability (CNVD-2023-21660)

The D-Link DIR-2150 is a wireless router device from D-Link. The D-Link DIR-2150 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute code in the context of a service account...

CVSS 8.8 | AI score 9 | EPSS 0.0087
Exploits: 0 | References: 1

OSV
added 2022/09/13 9:15 p.m., 2 views

CVE-2022-39815

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. These vulnerabilities allow unauthenticated users to execute commands on the operating system...

CVSS 9.8 | AI score 5.9 | EPSS 0.02023
Exploits: 0 | References: 1

ATTACKERKB
added 2022/09/08 8:15 a.m., 3 views

CVE-2022-38399

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection...

CVSS 6.8 | AI score 6 | EPSS 0.00341
Exploits: 0 | References: 4

CNNVD
added 2022/08/25 12:00 a.m., 3 views

TOTOLINK A3700R operating system command injection vulnerability

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A3700R version V9.1.2u.6134B20201202, which stems from a command injection issue in the hostName parameter of the setOpModeCfg method...

CVSS 7.8 | AI score 5.7 | EPSS 0.01349
Exploits: 1 | References: 2

OSV
added 2022/07/21 4:15 a.m., 4 views

CVE-2022-33923

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may...

CVSS 7.8 | AI score 6 | EPSS 0.00376
Exploits: 0 | References: 1

CNVD
added 2022/07/04 12:00 a.m., 20 views

Robustel R1510 OS Command Injection Vulnerability (CNVD-2022-51429)

The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the...

CVSS 9.8 | AI score 5.1 | EPSS 0.04437
Exploits: 1 | References: 1

CNNVD
added 2022/06/30 12:00 a.m., 4 views

Robustel R1510 operating system command injection vulnerability

The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the /ajax/setsystime/...

CVSS 9.8 | AI score 6 | EPSS 0.04437
Exploits: 1 | References: 4

CNNVD
added 2022/06/30 12:00 a.m., 4 views

Robustel R1510 operating system command injection vulnerability

The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the...

CVSS 9.8 | AI score 6.1 | EPSS 0.04437
Exploits: 1 | References: 4

CNNVD
added 2022/06/13 12:00 a.m., 3 views

Festo Controller CECC-X-M1 operating system command injection vulnerability

The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...

CVSS 10 | AI score 8.7 | EPSS 0.0276
Exploits: 0 | References: 2

ATTACKERKB
added 2022/06/09 5:15 p.m., 3 views

CVE-2022-1986

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...

CVSS 10 | AI score 7.3 | EPSS 0.04483
Exploits: 1 | References: 3