多款 Nippon Telegraph and Telephone West Corporation 产品操作系统命令注入漏洞

Nippon Telegraph and Telephone West Corporation Netcommunity OG410Xa and others are a type of firmware from Nippon Telegraph and Telephone West Corporation, Japan. A security vulnerability exists in several Nippon Telegraph and Telephone West Corporation products that originates from a system...

PT-2022-15319 · Unknown +1 · Sma 100 Series +1

Name of the Vulnerable Software and Affected Versions: SRA versions 8.x through 9.0.0.5-19sv SMA 100 series products versions 9.0.0.9-26sv and earlier Description: The issue is related to improper neutralization of special elements, leading to an OS Command Injection. This affects end-of-life...

CVE-2021-40410

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...

Security Bulletin: IBM FileNet Content Manager Operating System command injection security vulnerability

Summary FileNet Content Manager component Administration Console for Content Platform Engine ACCE user Operating System command injection security vulnerability Vulnerability Details CVEID: CVE-2021-38965 DESCRIPTION: IBM FileNet Content Manager could allow a remote authenticated attacker to...

Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04975)

The Lantronix PremierWave 2050 is an embedded Wi-Fi module manufactured by Lantronix. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution in the "EC keypasswd" parameter wit...

SAP NetWeaver AS 操作系统命令注入漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but is also the basic platform for SAP software. SAP NetWeaver AS ABAP suffers from an operating system command injection vulnerability that originates from allowing an attacker with elevated...

Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04980)

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...

Lantronix PremierWave 2050 OS Command Injection Vulnerability

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...

Open Game Panel 操作系统命令注入漏洞

Open Game Panel is an open source game server control panel. It uses a web interface PHP/MySQL to control the agent Perl running on the server hosting the game. It is used to start/stop/monitor game server instances. A security vulnerability exists in Open Game Panel OGP-Agent-Linux, which stems...

Fortinet FortiClient 操作系统命令注入漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. Fortinet FortiClient suffers from an operating system command injection vulnerability that can be exploited by an unauthenticated,...

DRK Odenwaldkreis Testerfassung 操作系统命令注入漏洞

DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and documenting corona antigen rapid test results. DRK Odenwaldkreis Testerfassung March-2021 An operating system command injection vulnerability, which originates in the application's results.php Shell metacharacter injecti...

CVE-2021-36982

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall AIWAF devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...

GHSA-H86X-MV66-GR5Q OS Command Injection in Locutus

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...

MDT AutoSave 操作系统操作系统命令注入漏洞

MDT AutoSave is a software application. It provides an automated change management function. An operating system command injection vulnerability exists in MDT AutoSave, which stems from the application's API not validating data data effectively, allowing an attacker to execute system commands by...

SonicWall NSM On-Prem 操作系统命令注入漏洞

SonicWall NSM On-Prem is an application from Sonicwall USA, Inc. It provides unlimited scalability to support thousands of SonicWall security appliances under its management. SonicWall NSM On-Prem suffers from an operating system command injection vulnerability that can be exploited by an attacke...

China Mobile An Lianbao WF-1 router 操作系统命令注入漏洞

China Mobile An Lianbao WF-1 router is a router from China Mobile China. China Mobile An Lianbao WF-1 router 1.0.1 suffers from an operating system command injection vulnerability, which originates in the api/ZRFirmware/settimezone set time zone interface, that can be exploited by remote attacker...

VulnCheck KEV: CVE-2021-27104

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

Nagios XI 安全漏洞

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php in Nagio...

DELL EMC PowerScale 操作系统命令注入漏洞

Dell EMC PowerScale OneFS is an API-powered file system. An OS command injection vulnerability exists in Dell EMC PowerScale OneFS 8.1.0 - 9.1.0. An attacker with the ISIPRIVCLUSTER privilege could exploit this vulnerability to execute arbitrary OS commands on the underlying OS of an application...