
1764 matches found

RedhatCVE
added 2023/03/01 2:29 a.m. · 51 views

CVE-2022-33891

A flaw was found in Apache Spark. This flaw allows a malicious user to impersonate another user and jeopardize the environment by executing shell commands...

CVSS 8.8 · AI score 4.8 · EPSS 0.93513
Exploits: 12 · References: 4

OSV
added 2023/02/25 2:15 a.m. · 2 views

DEBIAN-CVE-2023-26039

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

CVSS 8.8 · AI score 8.5 · EPSS 0.05839
Exploits: 0 · References: 1

OSV
added 2023/02/25 2:15 a.m. · 0 views

UBUNTU-CVE-2023-26039

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

CVSS 8.8 · AI score 7.3 · EPSS 0.05839
Exploits: 0 · References: 3

OSV
added 2023/02/25 1:31 a.m. · 11 views

CVE-2023-26039 ZoneMinder vulnerable to OS Command injection in daemonControl() API

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

CVSS 7.1 · AI score 8.7 · EPSS 0.05839
Exploits: 0 · References: 3

Cvelist
added 2023/02/22 3:21 p.m. · 21 views

CVE-2021-4326 Imperative Local Command Injection allows Activity Masking

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVSS 3.3 · AI score 8.1 · EPSS 0.00038
Exploits: 0 · References: 1

CVE
added 2023/02/22 3:21 p.m. · 55 views

CVE-2021-4326

CVE-2021-4326 affects the Imperative framework used by Zowe CLI. Root cause: insecure usage of execSync and handling of environment variables enables a local, already-privileged actor to run arbitrary shell commands via plugin install/update commands or via maliciously formed environment variable...

CVSS 7.8 · AI score 6.1 · EPSS 0.00038
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/02/22 12:0 a.m. · 2 views

PT-2023-12422 · Zowe Cli +1 · Zowe Cli +1

Name of the Vulnerable Software and Affected Versions: Imperative framework (affected versions not specified), Zowe CLI (affected versions not specified). Description: A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands via plugin...

CVSS 7.8 · AI score 7.6 · EPSS 0.00038
Exploits: 0 · References: 8

F5 Networks
added 2023/02/21 8:0 p.m. · 24 views

K03585731: F5 secure shell vulnerability CVE-2020-5873

Security Advisory Description: A user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. (CVE-2020-5873) Impact: An authenticated user wit...

CVSS 7.2 · AI score 6.9 · EPSS 0.00286
Exploits: 0 · Affected Software: 12

F5 Networks
added 2023/02/21 7:59 p.m. · 21 views

K37130415: BIG-IQ Grafana vulnerability CVE-2020-5868

Security Advisory Description: A remote access vulnerability has been discovered that may allow a remote user to run shell commands on affected systems using HTTP requests to the BIG-IQ user interface. (CVE-2020-5868) Impact: A remote attacker may be able to leverage the Grafana component to run loca...

CVSS 10 · AI score 9 · EPSS 0.03878
Exploits: 0 · Affected Software: 1

F5 Networks
added 2023/02/21 6:15 p.m. · 16 views

K7164: Execution of UNIX shell commands from a URL without authentication

Security Advisory Description: Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

AI score 6.8
Exploits: 0

SUSE CVE
added 2023/02/15 6:12 a.m. · 2 views

SUSE CVE-2007-2438

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CVSS 7.6 · AI score 7.6 · EPSS 0.03505
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 6:1 a.m. · 2 views

SUSE CVE-2009-4025

Argument injection vulnerability in the traceroute function in Traceroute.php in the NetTraceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information...

CVSS 10 · AI score 8.2 · EPSS 0.05802
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:52 a.m. · 1 views

SUSE CVE-2017-2652

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...

CVSS 9 · AI score 7.3 · EPSS 0.00344
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:37 a.m. · 3 views

SUSE CVE-2017-16667

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

CVSS 9.3 · AI score 7.1 · EPSS 0.00435
Exploits: 0 · References: 3

Prion
added 2023/02/10 8:15 p.m. · 14 views

Command injection

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requir...

CVSS 3.7 · AI score 7 · EPSS 0.00546
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2023/02/10 7:52 p.m. · 83 views

CVE-2023-24816

CVE-2023-24816 concerns IPython (versions before 8.1.0). The vulnerability arises when the function IPython.utils.terminal.set_term_title is called on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 can prevent the vulnerable...

CVSS 7 · AI score 5.9 · EPSS 0.00546
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/02/10 7:52 p.m. · 14 views

CVE-2023-24816 set_term_title command injection in ipython

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requir...

CVSS 4.5 · AI score 7.4 · EPSS 0.00546
Exploits: 1 · References: 6

Prion
added 2023/02/10 6:15 p.m. · 20 views

Command injection

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device...

CVSS 6.5 · AI score 8.9 · EPSS 0.0016
Exploits: 2 · References: 3 · Affected Software: 1

Cvelist
added 2023/02/10 12:0 a.m. · 28 views

CVE-2022-46649

Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device...

AI score 9.1 · EPSS 0.0016
Exploits: 2 · References: 3

Tenable Nessus
added 2023/01/30 12:0 a.m. · 32 views

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2022:7592)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7592 advisory. - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow...

CVSS 8 · AI score 7.4 · EPSS 0.0087
Exploits: 1 · References: 4