
1216 matches found

VulnCheck KEV
added 2021/01/26 12:00 a.m. | 4 views

VulnCheck KEV: CVE-2020-8269

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...

CVSS: 9 | AI score: 7.6 | EPSS: 0.0257
Exploits: 0 | References: 1

CNNVD
added 2021/01/12 12:00 a.m. | 4 views

Beijing Kundou Mubu Authorization Issue Vulnerability

Mubu is a platform for online writing from Mubu, a company based in Beijing, China. An authorization issue vulnerability exists in Mubu version 2.2.1, which stems from its failure to strictly limit user privileges and can be exploited by a local attacker to execute system commands...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00417
Exploits: 0 | References: 3

CNVD
added 2021/01/07 12:00 a.m. | 2 views

TP-Link TL-WR840N OS Command Injection Vulnerability

The TP-LINK TL-WR840N is a wireless router with a channel count of 13 and VPN support. An OS command injection vulnerability exists in oaliptaddBridgeIsolationRules in TP-Link TL-WR840N 6EU0.9.14.16. The vulnerability stems from raw strings entered from the web interface being used to call system...

CVSS: 10 | AI score: 7.6 | EPSS: 0.09701
Exploits: 1 | References: 1

CNNVD
added 2020/12/27 12:00 a.m. | 5 views

KLog Server OS Command Injection Vulnerability

KLog is a logging tool for Android development by the individual developer ZhaoKaiQiang. Its main functions include printing line numbers and function calls, JSON parsing, XML parsing, click-to-jump, and saving log information. KLog Server 2.4.1 suffers from an OS command...

CVSS: 10 | AI score: 7.3 | EPSS: 0.87987
Exploits: 8 | References: 10

BDU FSTEC
added 2020/12/22 12:00 a.m. | 2 views

The vulnerability of the Ansible configuration management system lies in its lack of mechanisms to neutralize special elements used in operating system commands. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the Ansible configuration management system is related to the lack of measures to neutralize special elements used in the OS command. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

CVSS: 7.4 | AI score: 6.9 | EPSS: 0.00444
Exploits: 0 | References: 3 | Affected Software: 3

NVD
added 2020/12/15 8:15 p.m. | 22 views

CVE-2020-25757

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.02044
Exploits: 0 | References: 3

CVE
added 2020/12/15 7:27 p.m. | 70 views

CVE-2020-25757

CVE-2020-25757 affects D-Link DSR-series VPN routers (DSR-150, DSR-250, DSR-500, DSR-1000AC) running firmware 3.14 and 3.17. The root cause is inadequate input validation and access controls in Lua CGI handlers, allowing user-supplied data to reach system command APIs (os.popen) and enabling arbi...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.02044
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2020/12/14 3:15 a.m. | 3 views

CVE-2020-5639

Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.05009
Exploits: 0 | References: 3

CNVD
added 2020/12/11 12:00 a.m. | 3 views

Command Execution Vulnerability in the ad***_ip***.php File in SeaCMS-v10.9 (SeaCMS)

Ocean CMS, also known as SeaCMS, is developed with PHP + MySQL, is completely open source and free of charge, adapts to computers, cell phones, tablets and apps, is unencrypted and more secure, and is a very good tool for building websites. The adip.php file of Ocean CMS-v10.9 (SeaCMS) has a command...

AI score: 7.5
Exploits: 0

NVD
added 2020/11/30 6:15 p.m. | 10 views

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

CVSS: 10 | AI score: 9.8 | EPSS: 0.36672
Exploits: 1 | References: 1

Cvelist
added 2020/11/30 5:24 p.m. | 15 views

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

AI score: 9.8 | EPSS: 0.36672
Exploits: 1 | References: 1

CNNVD
added 2020/11/24 12:00 a.m. | 4 views

TotoLink A850r-v1 Security Vulnerability

TOTOLINK A850R-V1 is a wireless dual-band router. TOTOLINK A850R-V1 version 1.0.1-B20150707.1612 and F1-V2 version 1.1-B20150708.1646 contain a security vulnerability that could be exploited by attackers to execute remote code via the formSysCmd sysCmd parameter in the management interface to...

CVSS: 10 | AI score: 7.6 | EPSS: 0.04218
Exploits: 1 | References: 2

VulnCheck KEV
added 2020/10/14 12:00 a.m. | 2 views

VulnCheck KEV: CVE-2018-13023

System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...

CVSS: 9 | AI score: 7.4 | EPSS: 0.23955
Exploits: 1 | References: 1

OSV
added 2020/09/16 2:15 p.m. | 17 views

CVE-2020-2276

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

CVSS: 8.8 | AI score: 7.1
Exploits: 0 | References: 2

Cvelist
added 2020/09/16 1:20 p.m. | 26 views

CVE-2020-2276

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

AI score: 8.9 | EPSS: 0.01623
Exploits: 0 | References: 2

CVE
added 2020/09/16 1:20 p.m. | 65 views

CVE-2020-2276

CVE-2020-2276 affects the Jenkins Selection tasks Plugin (version 1.0 and earlier). The issue allows attackers with Job/Configure permission to run an arbitrary system command on the Jenkins controller by executing a user-specified program, effectively substituting the OS user that the Jenkins pr...

CVSS: 9 | AI score: 8.8 | EPSS: 0.01623
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2020/08/14 7:15 p.m. | 12 views

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...

CVSS: 10 | AI score: 9.5 | EPSS: 0.04205
Exploits: 1 | References: 4

Prion
added 2020/08/07 4:15 p.m. | 11 views

Command injection

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway SMG. Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syst...

CVSS: 9 | AI score: 8.4 | EPSS: 0.01368
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/08/07 3:53 p.m. | 47 views

CVE-2020-11852

CVE-2020-11852 is a command-injection vulnerability in Micro Focus Secure Messaging Gateway (SMG) affecting the DKIM key management page. The issue allows a logged-in user with rights to generate DKIM key information to inject system commands into the DKIM system command call. Affected are SMG Ap...

CVSS: 9 | AI score: 8.4 | EPSS: 0.01368
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2020/08/06 4:15 p.m. | 22 views

CVE-2020-7352

The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.03778
Exploits: 5 | References: 2