9 matches found
PT-2026-5713
Name of the Vulnerable Software and Affected Versions Signal K Server versions prior to 1.5.0 Signal K Set-System-Time plugin versions prior to 1.5.0 Description A command injection issue exists in the Signal K Server and its Set-System-Time plugin. Authenticated users with write permissions can...
CVE-2018-25122
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
CVE-2018-25122
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
CVE-2018-25122
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
CVE-2018-25122
Nagios XI
PT-2025-44545
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
OS Command Injection
@wong2/mcp-cli is vulnerable to OS command injection. The vulnerability is due to unsafe command construction/execution because redirectToAuthorization in /src/oauth/provider.js uses attacker-controlled input in an OS command context, allowing remote command execution...
Command Injection
Thor is vulnerable to Command Injection. The vulnerability is due to unsafe command construction caused by the library forming shell commands directly from user-controlled input...
NETGEAR D3600, D6000 and XR500 OS Command Injection Vulnerability (CNVD-2020-27258)
NETGEAR D3600 and others are products of NETGEAR Corporation.NETGEAR D3600 is a wireless modem.NETGEAR D6000 is a wireless modem.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless router. An operating system command injection vulnerability exists in the NETGEAR D3600 prior to version...