7638 matches found
CVE-2022-35131
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...
CVE-2022-35131
CVE-2022-35131 affects Joplin v2.8.8, enabling arbitrary command execution via a crafted payload injected into Node titles. The root cause is unsafe handling of user input in the UI, specifically unescaped input passed to dangerouslySetInnerHTML in GotoAnything.tsx. Several sources corroborate an...
PT-2022-8885 · Unknown · Git-Archive
Name of the Vulnerable Software and Affected Versions: git-archive, all versions. Description: The issue concerns Command Injection via the exports function. This allows for potential execution of arbitrary commands. Recommendations: For all versions, consider disabling the exports function as a...
A vulnerability in the config_rollback() function implementation in the firmware of Robustel R1510 VPN routers allows an attacker to execute arbitrary commands.
The vulnerability of the configrollback function implementation in the Robustel R1510 VPN router software lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands b...
CVE-2022-20857
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this...
CVE-2022-34866
CVE-2022-34866 affects Passage Drive and Passage Drive for Box: vulnerable components are interprocess communication data verification in Passage Drive v1.4.0–v1.5.1.0 and Passage Drive for Box v1.0.0. Root cause is insufficient data verification for IPC, allowing a malicious program to execute a...
The vulnerability of the command-line interface (CLI) implementation of Zyxel networking devices allows a perpetrator to execute arbitrary commands.
The vulnerability of CLI implementations for Zyxel network devices involves the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
CVE-2022-31208
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...
Medium: git
Issue Overview: A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be...
A vulnerability in the firmware of the SpaceLogic C-Bus Home Controller (5200WHC2) arises from the failure to neutralize special elements used in operating system commands. This vulnerability allows an intruder to execute arbitrary commands.
The vulnerability in the firmware of the SpaceLogic C-Bus Home Controller 5200WHC2 exists due to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
A vulnerability in the firmware diagnostics web interface of the Bosch PRA-ES8P2S Ethernet switch allows an attacker to execute arbitrary operating system commands.
The vulnerability in the firmware diagnostics web interface of the Bosch PRA-ES8P2S Ethernet switch is related to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands using...
Tenda AX1803 WanParameterSetting function command injection vulnerability
Tenda AX1803 is a dual-band gigabit WIFI6 router from Tenda China. A command injection vulnerability exists in Tenda AX1803 v1.0.0.12890, which stems from the failure of the WanParameterSetting function to properly filter special characters, commands, etc. when constructing commands. An attacker could exploi...
Tenda AX1806 WanParameterSetting function command injection vulnerability
Tenda AX1806 is a WiFi6 wireless router from Tenda, China. A command injection vulnerability exists in Tenda AX1806 v1.0.0.1, which stems from the failure of the WanParameterSetting function to properly filter special characters, commands, etc. when constructing commands. The vulnerability can be...
CVE-2021-35283
SQL Injection vulnerability in productadmin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php...
Wavlink WL-WN575A3 command injection vulnerability
Wavlink WL-WN575A3 is a wireless network signal extender from China RuiYin Technology Wavlink. A security vulnerability exists in the Wavlink WL-WN575A3 RPT75A3.V4300.201217 version, which stems from a command injection vulnerability discovered via the obtw function. An attacker could use this...
CVE-2022-34598
The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands...
Tenda AX1806 operating system command injection vulnerability
Tenda AX1806 is a WiFi6 wireless router from Tenda, China. A command injection vulnerability exists in Tenda AX1806 v1.0.0.1, which stems from the failure of the WanParameterSetting function to properly filter special characters, commands, etc. when constructing commands. The vulnerability can be...