3860 matches found

OSV
added 2021/09/27 2:15 p.m. · 1 view

CVE-2021-34416

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room...

CVSS 9.8 · AI score 7.4 · EPSS 0.01603
Exploits 0 · References 1
NVD
added 2021/09/27 2:15 p.m. · 18 views

CVE-2021-34414

The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room...

CVSS 7.2 · EPSS 0.01516
Exploits 0 · References 1
NVD
added 2021/09/27 2:15 p.m. · 13 views

CVE-2021-34416

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room...

CVSS 9.8 · EPSS 0.01603
Exploits 0 · References 1
Prion
added 2021/09/27 2:15 p.m. · 18 views

Command injection

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room...

CVSS 7.5 · AI score 9.7 · EPSS 0.01603
Exploits 0 · References 1 · Affected Software 4
Cvelist
added 2021/09/27 1:56 p.m. · 17 views

CVE-2021-34416

The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room...

AI score 10 · EPSS 0.01603
Exploits 0 · References 1
CVE
added 2021/09/27 1:56 p.m. · 51 views

CVE-2021-34414

CVE-2021-34414 affects Zoom on-premise components (Meeting Connector Controller, MMR, Recording Connector, Virtual Room Connector, and Load Balancer) prior to respective builds 4.6.348.20201217, 3.8.42.20200905, 4.4.6620.20201110, and 2.5.5495.20210326. The issue arises from a failure to validate...

CVSS 7.2 · AI score 7.3 · EPSS 0.01516
Exploits 0 · References 1 · Affected Software 4
CNNVD
added 2021/09/27 12:00 a.m. · 2 views

ZOOM on-premise Meeting Connector Input Validation Error Vulnerability

ZOOM on-premise Meeting Connector is a meeting connector from Zoom ZOOM USA. The ZOOM on-premise Meeting Connector suffers from an input validation error vulnerability that stems from an inability to validate inputs in a request sent to update a network configuration, which could lead to remote...

CVSS 9.8 · AI score 8.4 · EPSS 0.01603
Exploits 0 · References 2
OSV
added 2021/09/20 7:52 p.m. · 13 views

GHSA-WFRJ-QQC2-83CM Remote command injection when using sendmail email transport

Impact Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency. Ghost defaults to the direct transport so this is only exploitable if the sendmail transport is explicitly used. Patches Fixed in...

CVSS 5.8 · AI score 7.7
Exploits 0 · References 4
Github Security Blog
added 2021/09/20 7:52 p.m. · 27 views

Remote command injection when using sendmail email transport

Impact Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency. Ghost defaults to the direct transport so this is only exploitable if the sendmail transport is explicitly used. Patches Fixed in...

AI score 0.6
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/09/15 7:15 p.m. · 3 views

CVE-2021-37912

The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in...

CVSS 9.8 · AI score 6 · EPSS 0.02832
Exploits 0 · References 1
OSV
added 2021/09/13 6:15 p.m. · 3 views

CVE-2021-33554

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code...

CVSS 7.2 · AI score 7.4 · EPSS 0.55724
Exploits 4 · References 2
Positive Technologies
added 2021/09/13 12:00 a.m. · 3 views

PT-2021-20198 · Geutebrück +1 · Geutebrück Camera Devices +1

Name of the Vulnerable Software and Affected Versions: UDP Technology camera devices affected versions not specified Geutebrück camera devices affected versions not specified Description: The issue concerns command injection, which may allow an attacker to remotely execute arbitrary code on...

CVSS 7.2 · AI score 8.2 · EPSS 0.55724
Exploits 4 · References 5
Positive Technologies
added 2021/09/13 12:00 a.m. · 1 view

PT-2021-20201 · Geutebrück +1 · Geutebrück Camera Devices +1

Name of the Vulnerable Software and Affected Versions: UDP Technology camera devices affected versions not specified Geutebrück camera devices affected versions not specified Description: The issue concerns command injection, which may allow an attacker to remotely execute arbitrary code on...

CVSS 7.2 · AI score 8.7 · EPSS 0.47463
Exploits 4 · References 5
OSV
added 2021/08/25 8:15 p.m. · 4 views

CVE-2021-1580

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller APIC or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see t...

CVSS 7.2 · AI score 5.8 · EPSS 0.01779
Exploits 0 · References 1
VulnCheck KEV
added 2021/08/20 12:00 a.m. · 7 views

VulnCheck KEV: CVE-2021-22899

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles...

CVSS 8.8 · AI score 8 · EPSS 0.22343
Exploits 0 · References 1
Positive Technologies
added 2021/08/03 12:00 a.m. · 5 views

PT-2021-19453 · Unknown · Open Plc Webserver

Name of the Vulnerable Software and Affected Versions: Open PLC Webserver version 3 Description: Command Injection in Open PLC Webserver allows remote attackers to execute arbitrary code via the Hardware Layer Code Box component on the "/hardware" page of the application. Recommendations: As a...

CVSS 9 · AI score 8.5 · EPSS 0.27075
Exploits 10 · References 16
Positive Technologies
added 2021/07/21 12:00 a.m. · 3 views

PT-2021-8205 · Draytek · Draytek Vigor300B +2

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 2960 version 1.5.1.3 DrayTek Vigor 3900 version 1.5.1.3 DrayTek Vigor 300B version 1.5.1.3 Description: A Remote Command Injection issue exists in the mainfunction.cgi script of the DrayTek Vigor web interface due to inadequate...

CVSS 10 · AI score 8.6 · EPSS 0.34845
Exploits 1 · References 6
CNNVD
added 2021/07/20 12:00 a.m. · 5 views

Dell OpenManage Enterprise Operating System Command Injection Vulnerability

Dell OpenManage Enterprise is an easy-to-use, one-to-many systems management console for IT infrastructure management from Dell, Inc. The software supports cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers from a single console. An operating system command injection...

CVSS 9.1 · AI score 6.2 · EPSS 0.02091
Exploits 0 · References 2
OSV
added 2021/07/07 2:15 p.m. · 4 views

CVE-2021-32533

The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...

CVSS 9.8 · AI score 7.5
Exploits 0 · References 1
OSV
added 2021/07/07 2:15 p.m. · 2 views

CVE-2021-32529

Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document...

CVSS 9.8 · AI score 6 · EPSS 0.02264
Exploits 0 · References 1