CVE-2022-24720 Improper Input Validation in image_processing

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

FortiWLM - command Injection in script handlers

An improper neutralization of special elements used in an OS command 'OS Command Injection' CWE-78 vulnerability in FortiWLM may allow an authenticated attacker to execute arbitrary shell commands via crafted HTTP requests to the alarm dashboard and controller config handlers...

CVE-2022-24720 Improper Input Validation in image_processing

imageprocessing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...

GHSA-WGX7-JWWM-CGJV Improper Authentication in Apache Spark

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

CVE-2022-0365

The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin root user...

CVE-2021-41016

A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...

Command injection

A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...

CVE-2021-41016

A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...

Mageia: Security Advisory (MGASA-2020-0024)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Caldera Arbitrary Code Execution Vulnerability

Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...

CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters e.g., backticks "" or dollar parenthesis "$" in order to escape the current command and execute...

Design/Logic Flaw

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters e.g., backticks "" or dollar parenthesis "$" in order to escape the current command and execute...

CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters e.g., backticks "" or dollar parenthesis "$" in order to escape the current command and execute...

Caldera 注入漏洞

Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...

CVE-2021-23154

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...

CVE-2021-45463

Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...

Command Injection

node-windows is vulnerable to command injection. The vulnerability exists because the PID parameter is not sanitized, which allows a remote attacker to inject arbitrary shell commands...

IBM Spectrum Copy Data Management Input Validation Error Vulnerability

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...

CVE-2021-39065

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could...

GHSA-49VV-6Q7Q-W5CF Duplicate Advisory: OS Command Injection in Strapi

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...