
451 matches found

OSV
added 2021/02/16 9:15 p.m., 3 views

CVE-2021-27102

Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later...

7.8 CVSS, 7.5 AI score, 0.03654 EPSS
Exploits 0, References 3

CNNVD
added 2021/02/16 12:0 a.m., 5 views

Accellion FTA OS Command Injection Vulnerability

Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912411 and earlier versions. The vulnerability can be exploited to execute...

7.8 CVSS, 7.5 AI score, 0.03654 EPSS
Exploits 0, References 3

OSV
added 2021/02/15 1:15 p.m., 3 views

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

8.8 CVSS, 7.3 AI score, 0.72378 EPSS
Exploits 8, References 7

CNNVD
added 2021/02/15 12:0 a.m., 2 views

Nagios XI Security Vulnerability

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php in Nagio...

9 CVSS, 7.3 AI score, 0.72378 EPSS
Exploits 7, References 8

CNNVD
added 2021/02/09 12:0 a.m., 6 views

DELL EMC PowerScale OS Command Injection Vulnerability

Dell EMC PowerScale OneFS is an API-powered file system. An OS command injection vulnerability exists in Dell EMC PowerScale OneFS 8.1.0 - 9.1.0. An attacker with the ISIPRIVCLUSTER privilege could exploit this vulnerability to execute arbitrary OS commands on the underlying OS of an application...

7.8 CVSS, 6 AI score, 0.0048 EPSS
Exploits 0, References 1

CNNVD
added 2021/02/03 12:0 a.m., 5 views

Multiple Cisco Products OS Command Injection Vulnerabilities

Cisco Small Business RV Series Routers are RV series routers from Cisco. An operating system command injection vulnerability exists in the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers, which can be exploited by an authenticated, remote attacker to inject arbitra...

9 CVSS, 6 AI score, 0.02975 EPSS
Exploits 0, References 2

CNVD
added 2021/02/01 12:0 a.m., 16 views

LOGITEC CORPORATION LAN-W300N/PGRB Operating System Command Injection Vulnerability

LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...

7.7 CVSS, 7.1 AI score, 0.00445 EPSS
Exploits 0, References 1

Japan Vulnerability Notes
added 2021/01/27 9:31 a.m., 3 views

OS command injection vulnerability in multiple Infoscience Corporation log management tools

Overview: Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and can be set to allow the administrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...

9 CVSS, 7.1 AI score, 0.02156 EPSS
Exploits 0, References 5

CNNVD
added 2020/12/27 12:0 a.m., 5 views

KLog Server OS Command Injection Vulnerability

KLog is a logging tool for Android development by the individual developer ZhaoKaiQiang. The tool's main functions are printing line numbers and function calls, JSON parsing, XML parsing, click to jump, saving log information, and other functions. KLog Server 2.4.1 suffers from an OS command...

10 CVSS, 7.3 AI score, 0.87987 EPSS
Exploits 8, References 10

BDU FSTEC
added 2020/12/22 12:0 a.m., 3 views

The vulnerability of the Ansible configuration management system lies in its lack of mechanisms to neutralize special elements used in operating system commands. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the Ansible configuration management system is related to the lack of measures to neutralize special elements used in the OS command. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

7.4 CVSS, 6.9 AI score, 0.00444 EPSS
Exploits 0, References 3, Affected Software 3

NVD
added 2020/08/06 4:15 p.m., 22 views

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with an embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

8.8 CVSS, 8.6 AI score, 0.03778 EPSS
Exploits 5, References 2

Cvelist
added 2020/08/06 3:45 p.m., 27 views

CVE-2020-7352 GOG Galaxy GalaxyClientService Privilege Escalation

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with an embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

8.4 CVSS, 8.8 AI score, 0.03778 EPSS
Exploits 5, References 2

CNVD
added 2020/06/04 12:0 a.m., 3 views

IBM Security Guardium OS Command Injection Vulnerability (CNVD-2020-32648)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an operating system command injecti...

9 CVSS, 8 AI score, 0.03013 EPSS
Exploits 0, References 1

CNVD
added 2020/03/12 12:0 a.m., 3 views

WAGO PFC200 OS Command Injection Vulnerability (CNVD-2020-19519)

The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. The WAGO PFC200 suffers from an operating system command injection vulnerability that can be exploited by an attacker to inject operating system commands into the value of the TimeoutPrepared parameter contained in the...

7.2 CVSS, 7.8 AI score, 0.04179 EPSS
Exploits 1, References 1

OSV
added 2020/02/24 5:15 p.m., 5 views

ALPINE-CVE-2020-9366

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact...

9.8 CVSS, 7.8 AI score, 0.0264 EPSS
Exploits 0, References 1

CNVD
added 2020/02/19 12:0 a.m., 3 views

IXP EasyInstall Operating System Command Injection Vulnerability

IXP EasyInstall is a third-party library management tool used to download and install Python libraries; it makes managing third-party libraries in Python easy. An operating system command injection vulnerability exists in IXP EasyInstall version 6.2.13723. The vulnerability is...

10 CVSS, 8.1 AI score, 0.05556 EPSS
Exploits 1, References 1

CNVD
added 2020/02/04 12:0 a.m., 2 views

git-diff-apply OS Command Injection Vulnerability

git-diff-apply is a package for getting git diff files and applying them to local branches. An operating system command injection vulnerability exists in the index.js file in versions of git-diff-apply prior to 0.22.2. The vulnerability stems from a network system or product not properly filterin...

9.8 CVSS, 7.4 AI score, 0.02147 EPSS
Exploits 1, References 1

GithubExploit
added 2020/01/28 11:27 p.m., 4 views

Exploit for OS Command Injection in Intelliantech Aptus_Web

Satellian-CVE-2020-7980 Satellian is a PoC script that shows R...

10 CVSS, 6.8 AI score, 0.82956 EPSS
Exploits 7

CNVD
added 2019/12/12 12:0 a.m., 3 views

Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09704)

Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...

8.8 CVSS, 7.7 AI score, 0.01664 EPSS
Exploits 1, References 1

OSV
added 2019/10/24 3:15 p.m., 2 views

CVE-2019-13652

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5)...

9.8 CVSS, 7.3 AI score, 0.02812 EPSS
Exploits 1, References 1