Improper Access Control in Elasticsearch

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

OS Command Injection in Jenkins

Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...

Missing permission checks in Jenkins Distributed Fork Plugin

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...

GHSA-2CM5-F78C-H2C8 Missing permission checks in Jenkins Distributed Fork Plugin

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...

VMware Workspace ONE Access Template Injection / Command Execution Exploit

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user. This module requires Metasploit: https://metasploit.com/download Current source:...

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI in VMware Workspace ONE Access, to execute shell commands as the "horizon" user. Module Options msf use exploit/linux/http/vmwareworkspaceoneaccesscve202222954 msf exploitvmwareworkspaceoneaccesscve2022229...

VMware Workspace ONE Access Template Injection / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22954', 'Description' = %q This module exploits CVE-2022-22954, an unauthenticated server-side template...

Apache Maven Command Injection Vulnerability

Apache Maven is an application from the Apache USA Foundation. A software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

CVE-2021-34602

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges...

Command injection

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields...

Command injection

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges...

CVE-2021-34602 Bender Charge Controller: Long URL could lead to webserver crash

In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges...

CVE-2021-34602

The CVE-2021-34602 entry maps to Bender ebee Charge Controllers (CC612, CC613 series, ICC15xx, ICC16xx) with affected versions before 5.11.2, 5.12.5, 5.13.2, or 5.20.2. The vulnerability is an operating system command injection via the web interface, enabling an authenticated attacker to input sh...

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

Input validation

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

Fortinet Multiple Products Operating System Command Injection Vulnerability

Fortinet FortiManager, a centralized network security management platform, is a centralized network security reporting solution, Fortinet FortiAnalyzer. FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for the FortiGate, FortiWiFi, and FortiAP product...

VMware Workspace ONE Access and Identity Manager远程代码执行漏洞

Vmware Workspace One Access is a U.S.-based Vmware company that combines user identity with device and network information, among other factors, to make intelligent, conditional access decisions for Workspace One-delivered applications. vmware Workspace ONE Access and Identity Manager has a remot...

CVE-2021-26104

Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and belo...