100 matches found
FortiWeb - Multiple command injection vulnerabilities
Multiple command injection vulnerabilities (CWE-78) in the command line interpreter of FortiWeb may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments...
CVE-2021-24023
An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...
Input validation
An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...
CVE-2021-24023
FortiAI (Fortinet) systems running v1.4.0 and earlier are affected by an improper input validation in the diagnose command, which may allow an authenticated user to obtain a system shell through a malicious payload. The vulnerability stems from input validation flaws and is listed with high sever...
CVE-2019-25029
In Versa Director, command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a...
Versa Director Command Injection Vulnerability
Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A command injection vulnerability exists in Versa Director, which stems from a failure to make valid...
FortiNDR - OS command injection due to improper input sanitization
An improper input validation in FortiNDR v1.4.0 may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command...
Command Injection
async-git is vulnerable to command injection. An attacker is able to inject malicious OS commands into the system shell via the getter function in the index.js file...
File upload vulnerability in freeCMS v1.5 (CNVD-2020-24737)
FreeCMS is an open source free CMS system. FreeCMS v1.5 has a file upload vulnerability that can be exploited by an attacker to upload arbitrary files to obtain a system shell...
File Upload Vulnerability in freeCMS v1.5
FreeCMS is an open source free CMS system. FreeCMS v1.5 has a file upload vulnerability that can be exploited by an attacker to upload arbitrary files to obtain a system shell...
Remote code execution
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...
Plantronics Hub 3.13.2 - Local Privilege Escalation
Plantronics Hub 3.13.2 - Local Privilege Escalation Exploit Title: Plantronics Hub 3.13.2 - Local Privilege Escalation Date: 2020-01-2 Exploit Author: Markus Krell - @MarkusKrell Vendor Homepage:...
Plantronics Hub 3.13.2 - Local Privilege Escalation
Exploit Title: Plantronics Hub 3.13.2 - Local Privilege Escalation Date: 2020-01-2 Exploit Author: Markus Krell - @MarkusKrell Vendor Homepage: https://support.polycom.com/content/dam/polycom-support/global/documentation/plantronics-hub-local-privilege-escalation-vulnerability.pdf Software Link:...
Plantronics Hub 3.13.2 Local Privilege Escalation
Exploit Title: Plantronics Hub 3.13.2 - Local Privilege Escalation Date: 2020-01-2 Exploit Author: Markus Krell - @MarkusKrell Vendor Homepage: https://support.polycom.com/content/dam/polycom-support/global/documentation/plantronics-hub-local-privilege-escalation-vulnerability.pdf Software Link:...
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlock, profile information update, etc. without relying on a help desk. An authentication bypass vulnerability exists in the password reset feature of...
CVE-2019-12476
An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence of crafted keyboa...