1216 matches found

OSV
added 2022/06/17 8:15 p.m., 4 views

CVE-2022-31874

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface...

CVSS 9.8, AI score 5.8, EPSS 0.18729
Exploits: 1, References: 1

CNNVD
added 2022/06/13 12:0 a.m., 2 views

Festo Controller CECC-X-M1 Operating System Command Injection Vulnerability

The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...

CVSS 10, AI score 8.7, EPSS 0.0276
Exploits: 0, References: 2

CNNVD
added 2022/06/11 12:0 a.m., 3 views

Zeroshell Operating System Command Injection Vulnerability

Zeroshell is a Linux distribution for servers and embedded systems. Zeroshell version 3.9.5 suffers from an operating system command injection vulnerability that stems from a command injection issue in the /cgi-bin/kerbynet IP parameter. An authenticated attacker can use this vulnerability to...

CVSS 8.8, AI score 8.1, EPSS 0.01712
Exploits: 0, References: 2

ATTACKERKB
added 2022/06/09 5:15 p.m., 2 views

CVE-2022-1986

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...

CVSS 10, AI score 7.3, EPSS 0.04483
Exploits: 1, References: 3

OSV
added 2022/06/03 12:0 a.m., 3 views

GHSA-GWP3-F7MR-QPFV OS Command Injection in s3-uploader

OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...

CVSS 10, AI score 6.1, EPSS 0.02979
Exploits: 1, References: 3

Github Security Blog
added 2022/05/24 5:44 p.m., 18 views

Grav CMS Cross-Site Request Forgery (CSRF)

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF)...

CVSS 8.8, AI score 7.1, EPSS 0.02899
Exploits: 2, References: 3, Affected Software: 1

OSV
added 2022/05/24 5:28 p.m., 13 views

GHSA-79H8-7735-V3F9 System command execution vulnerability in Selection tasks Jenkins Plugin

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

CVSS 8.8, AI score 8.9, EPSS 0.01623
Exploits: 0, References: 4

OSV
added 2022/05/14 1:4 a.m., 2 views

GHSA-J472-MCQ2-95P6 OS Command Injection in Jenkins

In Jenkins 2.73.1 and earlier, 2.83 and earlier, users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...

CVSS 8.8, AI score 7.5, EPSS 0.0261
Exploits: 0, References: 5

OSV
added 2022/05/12 5:15 p.m., 2 views

CVE-2022-26420

An OS command injection vulnerability exists in the console infactoryport functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 8.8, AI score 7.6, EPSS 0.05762
Exploits: 1, References: 2

OSV
added 2022/05/12 5:15 p.m., 1 views

CVE-2022-26518

An OS command injection vulnerability exists in the console infactorynet functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 8.8, AI score 7.6
Exploits: 0, References: 2

CNVD
added 2022/05/05 12:0 a.m., 40 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36026)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

CVSS 10, AI score 9.8, EPSS 0.01083
Exploits: 0, References: 1

ATTACKERKB
added 2022/05/04 2:15 p.m., 2 views

CVE-2022-27903

An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files...

CVSS 9, AI score 7.4, EPSS 0.02457
Exploits: 0, References: 3

CNNVD
added 2022/05/04 12:0 a.m., 5 views

Tenda AC15 Operating System Command Injection Vulnerability

The Tenda AC15 is a wireless router from Tenda China. Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin device web suffers from an operating system command injection vulnerability, which stems from a command injection vulnerability in the /goform/setsambacfg interface, which can also be coupled...

CVSS 9.8, AI score 8.3, EPSS 0.21639
Exploits: 1, References: 2

OSV
added 2022/05/02 7:15 p.m., 3 views

CVE-2022-1375

Delta Electronics DIAEnergie, all versions prior to 1.8.02.004, has a blind SQL injection vulnerability in DIAEslogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 7.5, EPSS 0.01083
Exploits: 0, References: 1

NVD
added 2022/05/02 6:15 p.m., 13 views

CVE-2022-1366

Delta Electronics DIAEnergie, all versions prior to 1.8.02.004, has a blind SQL injection vulnerability in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 10, EPSS 0.19619
Exploits: 0, References: 1

Vulnrichment
added 2022/05/02 6:11 p.m., 5 views

CVE-2022-1377

Delta Electronics DIAEnergie, all versions prior to 1.8.02.004, has a blind SQL injection vulnerability in DIAErltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVSS 9.8, AI score 7.8, EPSS 0.01083
Exploits: 0, References: 1

CNNVD
added 2022/04/28 12:0 a.m., 3 views

Delta Electronics DIAEnergie SQL Injection Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

CVSS 10, AI score 6.2, EPSS 0.01083
Exploits: 0, References: 3

CNNVD
added 2022/04/28 12:0 a.m., 5 views

Delta Electronics DIAEnergie SQL Injection Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

CVSS 10, AI score 6.2, EPSS 0.01083
Exploits: 0, References: 4

OSV
added 2022/04/25 3:15 p.m., 2 views

DEBIAN-CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

CVSS 9.8, AI score 7.1, EPSS 0.32386
Exploits: 5, References: 1

OSV
added 2022/04/25 3:15 p.m., 1 views

UBUNTU-CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...

CVSS 9.8, AI score 6.8, EPSS 0.32386
Exploits: 5, References: 4