CVE-2019-14894

A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms...

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection (cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE)

According to its self-reported version, IOS is affected by a vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to...

D-Link DIR-865L Operating System Command Injection Vulnerability

The D-Link DIR-865L is a wireless router from AUO D-Link of Taiwan, China. An operating system command injection vulnerability exists in D-Link DIR-865L Ax version 1.20B01 Beta. An attacker can exploit the vulnerability by sending a specially crafted request to execute arbitrary shell commands...

Multiple Cisco Products Input Validation Error Vulnerability (CNVD-2020-31994)

Cisco 809 Industrial Integrated Services Routers are products of Cisco Corporation.Cisco 809 Industrial Integrated Services Routers are industrial integrated multi-service routers.Cisco 829 Industrial Integrated Services Routers are industrial integrated multi-service routers.Cisco 1000 Series...

Cayin Content Management Server 11.0 - Remote Command Injection (root)

Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...

CVE-2020-3210

A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...

CVE-2020-3205 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers Industrial ISRs and Cisco 1000 Series Connected Grid Routers CGR1000 could allow an unauthenticated, adjacent attacker to execute arbitrary shell comman...

CVE-2020-3205

CVE-2020-3205 — Cisco IOS inter-VM channel injection involves Cisco IOS Software on Cisco 809/829 Industrial ISRs and CGR1000, where insufficient validation of signaling packets to the Virtual Device Server (VDS) allows an unauthenticated, adjacent attacker to execute arbitrary shell commands wit...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ksh Vulnerability (NS-SA-2020-0024)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ksh packages installed that are affected by a vulnerability: - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environme...

CVE-2020-8149

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

CVE-2020-8149

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

Design/Logic Flaw

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

Apache CloudStack Input Validation Error Vulnerability

Apache CloudStack is a set of Infrastructure as a Service IaaS cloud computing platforms from the Apache Software Apache Software Foundation in the United States. The platform is primarily used for deploying and managing large networks of virtual machines. A buffer overflow vulnerability exists i...

Command injection

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...

CVE-2020-2014

CVE-2020-2014 : PAN-OS contains an OS command injection vulnerability in the management server. Authenticated users can inject and execute arbitrary shell commands with root privileges. Affected: PAN-OS 7.1 and 8.0; PAN-OS 8.1 before 8.1.14; PAN-OS 9.0 before 9.0.7. References indicate a fix/patc...

PAN-OS: OS injection vulnerability in PAN-OS management server

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...

Command Injection

radare2 is vulnerable to command injection. A command injection vulnerability exists in the function binsymbols in libr/core/cbin.c. An attacker is able to execute arbitrary shell commands using a malicious executable file due to improper handling of symbol names embedded in executables...

Improper access control

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface...

CVE-2020-5868

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface...

CVE-2019-20773

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...