1820 matches found
CVE-2021-41016
An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...
Mageia: Security Advisory (MGASA-2020-0024)
The remote host is missing an update for the...
Caldera Arbitrary Code Execution Vulnerability
Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...
CVE-2021-42561
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a Python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()") in order to escape the current command and execute...
Design/Logic Flaw
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a Python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()") in order to escape the current command and execute...
CVE-2021-42561
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a Python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()") in order to escape the current command and execute...
Caldera Injection Vulnerability
Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...
CVE-2021-23154
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...
CVE-2021-45463
Due to the use of the system command in the Magick-Load op used by gegl, an attacker is able to craft a command line path that leads to the execution of arbitrary shell commands, which impacts availability, confidentiality and integrity...
Command Injection
node-windows is vulnerable to command injection. The vulnerability exists because the PID parameter is not sanitized, which allows a remote attacker to inject arbitrary shell commands...
IBM Spectrum Copy Data Management Input Validation Error Vulnerability
IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...
CVE-2021-39065
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function. A remote attacker could...
GHSA-49VV-6Q7Q-W5CF Duplicate Advisory: OS Command Injection in Strapi
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description: The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...
IBM Spectrum Copy Data Management OS Command Injection Vulnerability
IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted...
Victure WR1200 OS Command Injection Vulnerability
The Victure WR1200 is a router. The Victure WR1200 1.0.3 and prior versions are vulnerable to OS command injection, which can be exploited by attackers to inject arbitrary shell commands using valid credentials...
Efm Networks IpTime C200 Camera Security Vulnerability
The Efm Networks IpTime C200 Camera is a webcam from the Korean company Efm Networks. The Efm Networks IpTime C200 Camera suffers from a security vulnerability that allows a remote attacker to send crafted parameters to an exposed web service interface that can invoke arbitrary shell commands...
A vulnerability in the firmware of the NETGEAR R6020 Wi-Fi router allows an intruder to execute arbitrary shell commands.
The vulnerability in the NETGEAR R6020 Wi-Fi router software is related to the lack of measures to sanitize incoming data containing metacharacters. Exploiting this vulnerability can allow a remote attacker to execute arbitrary shell commands...
UBUNTU-CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
UBUNTU-CVE-2021-42377
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input...