1216 matches found
Command injection in git-interface
A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git...
Command injection
Command Injection vulnerability in email protected in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating system...
CVE-2022-1440 Command Injection vulnerability in [email protected] in yarkeev/git-interface
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
ManageEngine ADSelfService Plus Custom Script Execution
This module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin"...
Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tukaani XZ Utils. Interaction with this script is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of...
CVE-2021-42324
The CVE-2021-42324 issue affects DCN S4600-10P-SI switches (pre-R0241.0470). Root cause: improper parameter validation in the console interface. An authenticated, low-privilege attacker can escape the sandbox and execute system commands as root via shell metacharacters in the capture command para...
CVE-2022-24803
CVE-2022-24803 concerns the Asciidoctor-include-ext extension (pre-0.4.0) that processes user-supplied input in AsciiDoc. The root cause is a command-injection risk in the include extension, allowing arbitrary system commands on the host OS, even when allow-uri-read is disabled. The issue is miti...
CVE-2022-24796
RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...
Asciidoctor OS Command Injection Vulnerability
Asciidoctor is a text processor written in Ruby by the Asciidoctor organization. The product supports converting AsciiDoc content to HTML5, DocBook, and other formats. An operating system command injection vulnerability exists in versions prior to Asciidoctor-include-ext 0.4.0 that could allow an...
CVE-2022-26836
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
SQL injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerTagKID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
SQL injection
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEdmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26887 Delta Electronics DIAEnergie SQL Injection in DIAE_HandlerTag_KID.ashx
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in DIAEloopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
CVE-2022-26059 Delta Electronics DIAEnergie SQL Injection in GetQueryData
Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
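Vulnerability overview: Spring Cloud Gateway is a new Spring Cloud project, a gateway built on Spring 5.0, Spring Boot 2.0, Project Reactor and related technologies, intended to provide a simple, effective, unified way of managing API routes for microservice architectures. A critical RCE CVE in Spring Cloud Gateway was disclosed some time ago; the CVE information states that when an application enables and exposes the Spring Cloud Gateway Gateway Actuator endpoint, it is exposed to remote code injection, and an attacker can send a malicious request to execute arbitrary code remotely. The currently affected versions are: 3.1.0 3.0...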
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27555)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27439)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection
Overview: Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986). Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT Eas...
OS Command Injection Vulnerability in Multiple Nippon Telegraph and Telephone West Corporation Products
Nippon Telegraph and Telephone West Corporation Netcommunity OG410Xa and others are a type of firmware from Nippon Telegraph and Telephone West Corporation, Japan. A security vulnerability exists in several Nippon Telegraph and Telephone West Corporation products that originates from a system...
Delta Electronics DIAEnergie SQL Injection Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...