1216 matches found
PT-2021-15419
Name of the Vulnerable Software and Affected Versions Atlassian Confluence versions prior to 7.4.11 Atlassian Confluence versions 7.3.0 through 7.3.6 Atlassian Confluence versions 7.0.0 through 7.0.14 Atlassian Confluence versions 6.13.0 through 6.15.9 Description The issue allows authenticated...
Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04980)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...
Lantronix PremierWave 2050 OS Command Injection Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...
PT-2021-22546
Name of the Vulnerable Software and Affected Versions: ohmyzsh affected versions not specified Description: The issue concerns Improper Neutralization of Special Elements used in an OS Command. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
VulnCheck KEV: CVE-2016-11021
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command...
Open Game Panel 操作系统命令注入漏洞
Open Game Panel is an open source game server control panel. It uses a web interface PHP/MySQL to control the agent Perl running on the server hosting the game. It is used to start/stop/monitor game server instances. A security vulnerability exists in Open Game Panel OGP-Agent-Linux, which stems...
Microsoft OMI Management Interface Authentication Bypass
By removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. Module Options msf use...
Microsoft OMI Management Interface Authentication Bypass Exploit
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...
CVE-2021-22037
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path...
Microsoft OMI Management Interface Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCXOperatingSystem' .freeze def initializeinfo = super updateinfo info, 'Name' = 'Microsoft OMI...
Code Injection in zoujingli/thinkadmin
Description remote code execution Proof of Concept Bellow request is vulnerable to arbitary system command injection .\ During file upload it does not properly check file upload which allow to upload php file and this php file will execute system command POST /admin/api.upload/file.html HTTP/2...
Fortinet FortiClient 操作系统命令注入漏洞
Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. Fortinet FortiClient suffers from an operating system command injection vulnerability that can be exploited by an unauthenticated,...
Aruba Networks Aruba Operating System 命令注入漏洞
Aruba Operating System is the operating system for Aruba Controller-managed wireless LANs and Aruba Mobility Controllers from Aruba Networks, Inc. A command injection vulnerability exists in the Aruba Operating System that can be exploited by an attacker to trigger remote command execution via th...
CVE-2021-34066
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...
CVE-2021-34066
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...
Deserialization of untrusted data
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...
CVE-2021-34066
An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...
DRK Odenwaldkreis Testerfassung 操作系统命令注入漏洞
DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and documenting corona antigen rapid test results. DRK Odenwaldkreis Testerfassung March-2021 An operating system command injection vulnerability, which originates in the application's results.php Shell metacharacter injecti...
CVE-2021-28634
Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on...
ProLink PRC2402M Command Injection Vulnerability (CNVD-2021-68447)
ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setsyscmd function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker could exploit this vulnerability to cause command injection by passing the command paramete...