1216 matches found

NVD
added 2022/03/21 10:15 a.m. · 12 views

CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command...

9 CVSS · 0.01304 EPSS
Exploits 0 · References 2
UbuntuCve
added 2022/03/21 10:15 a.m. · 32 views

CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command...

9 CVSS · 6.3 AI score · 0.01304 EPSS
Exploits 0 · References 2
Prion
added 2022/03/21 10:15 a.m. · 20 views

Command injection

Specially crafted string in OTRS system configuration can allow the execution of any system command...

9 CVSS · 8.7 AI score · 0.01304 EPSS
Exploits 0 · References 2 · Affected Software 3
Debian CVE
added 2022/03/21 9:15 a.m. · 35 views

CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command...

9 CVSS · 5.4 AI score · 0.01304 EPSS
Exploits 0
Positive Technologies
added 2022/03/21 12:00 a.m. · 3 views

PT-2022-10485 · Otrs +3 · Otrs +3

Name of the Vulnerable Software and Affected Versions: OTRS (affected versions not specified), OTRS ITSM (affected versions not specified), OTRS Storm (affected versions not specified). Description: The issue allows the execution of any system command through a specially crafted...

9.8 CVSS · 7.3 AI score · 0.99019 EPSS
Exploits 18 · References 74
Positive Technologies
added 2022/03/17 12:00 a.m. · 5 views

PT-2022-15319 · Unknown +1 · Sma 100 Series +1

Name of the Vulnerable Software and Affected Versions: SRA versions 8.x through 9.0.0.5-19sv; SMA 100 series products versions 9.0.0.9-26sv and earlier. Description: The issue is related to improper neutralization of special elements, leading to an OS Command Injection. This affects end-of-life...

9.8 CVSS · 7.2 AI score · 0.01906 EPSS
Exploits 0 · References 4
NVD
added 2022/03/01 2:15 a.m. · 12 views

CVE-2020-12775

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate...

10 CVSS · 0.02911 EPSS
Exploits 0 · References 2
Cvelist
added 2022/03/01 1:55 a.m. · 18 views

CVE-2020-12775 Hicos citizen certificate client-side component - Command Injection

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate...

9.8 CVSS · 10 AI score · 0.02911 EPSS
Exploits 0 · References 2
RedHat Linux
added 2022/02/25 1:04 a.m. · 3 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

8.8 CVSS · 5.9 AI score · 0.02258 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2022/02/17 12:00 a.m. · 3 views

The vulnerability of the libsal.so file in Zyxel GS1900 series switch software allows a hacker to execute arbitrary commands.

The vulnerability of the libsal.so file in Zyxel GS1900 series switch software lies in the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows an attacker to execute arbitrary OS commands through the graphical interface...

7.8 CVSS · 7.6 AI score · 0.00213 EPSS
Exploits 0 · References 3
RedHat Linux
added 2022/02/16 6:50 a.m. · 2 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

8.8 CVSS · 5.9 AI score · 0.02258 EPSS
Exploits 0 · References 5
CNNVD
added 2022/02/15 12:00 a.m. · 3 views

Jenkins Pipeline: Multibranch Plugin operating system command injection vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Pipeline:...

8.8 CVSS · 8.2 AI score · 0.01382 EPSS
Exploits 0 · References 18
NVD
added 2022/02/08 2:15 p.m. · 17 views

CVE-2022-23340

Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results...

9.8 CVSS · 0.01481 EPSS
Exploits 0 · References 1
CNNVD
added 2022/02/08 12:00 a.m. · 5 views

Joplin code issue vulnerability

Joplin is an open source notes and to-do list application. A code issue vulnerability exists in Joplin, which arises from a product that allows execution of system commands via malicious code in user search results. The following products and versions are affected: Joplin version 2.6.10...

9.8 CVSS · 8.7 AI score · 0.01481 EPSS
Exploits 0 · References 2
CVE
added 2022/02/04 6:43 p.m. · 56 views

CVE-2021-29393

The CVE-2021-29393 entry concerns Northstar Club Management 6.3. Affected component: web interfaces cominput.jsp and comoutput.jsp. Root cause: unsanitized user-controlled parameters command and commandvalues enable an OS command injection, allowing remote unauthenticated users to inject and exec...

10 CVSS · 9.9 AI score · 0.0344 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/01/28 8:15 p.m. · 4 views

CVE-2021-40410

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...

7.2 CVSS · 7.3 AI score · 0.27876 EPSS
Exploits 1 · References 1
RedHat Linux
added 2022/01/18 2:07 p.m. · 4 views

gegl: shell expansion via a crafted pathname

Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...

7.8 CVSS · 6.1 AI score · 0.01439 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2022/01/14 11:51 p.m. · 39 views

Security Bulletin: IBM FileNet Content Manager Operating System command injection security vulnerability

Summary: FileNet Content Manager component Administration Console for Content Platform Engine ACCE user Operating System command injection security vulnerability. Vulnerability Details: CVEID: CVE-2021-38965. DESCRIPTION: IBM FileNet Content Manager could allow a remote authenticated attacker to...

9 CVSS · 9 AI score · 0.01761 EPSS
Exploits 0 · Affected Software 1
CNVD
added 2021/12/28 12:00 a.m. · 19 views

Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04975)

The Lantronix PremierWave 2050 is an embedded Wi-Fi module manufactured by Lantronix. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution in the "EC keypasswd" parameter wit...

9.1 CVSS · 2.5 AI score · 0.02915 EPSS
Exploits 1 · References 1
CNNVD
added 2021/12/14 12:00 a.m. · 3 views

SAP NetWeaver AS operating system command injection vulnerability

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but is also the basic platform for SAP software. SAP NetWeaver AS ABAP suffers from an operating system command injection vulnerability that originates from allowing an attacker with elevated...

7.2 CVSS · 7.9 AI score · 0.00294 EPSS
Exploits 0 · References 4