CVE-2022-28557
There is a command injection vulnerability at the /goform/setsambacfg interface of the Tenda AC15 (US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin) web interface, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution...
CVE-2022-28557
Affected product: Tenda AC15 (US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin) web interface. Vulnerability: command injection at the /goform/setsambacfg interface. Root cause / nature: vulnerability enables unconditional arbitrary command execution and can cooperate with CVE-2021-44971 to achieve ...
Tenda AC15 operating system command injection vulnerability
The Tenda AC15 is a wireless router from Tenda China. The web interface of the Tenda AC15 (US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin) suffers from an operating system command injection vulnerability in the /goform/setsambacfg interface, which can also be coupled...
F5 BIG-IP AFM code issue vulnerability
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDoS attacks. F5 BIG-IP AFM has a code issue vulnerability that can be exploited by attackers to upload maliciously crafted files and execute arbitrary commands...
WordPress plugin Import WP code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Import WP plugin is vulnerable to a file upload vulnerability, which stems from the plugin'...
git-pull-or-clone parameter injection vulnerability
git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...
A vulnerability in the _compile function in the Perl programming language allows attackers to execute arbitrary commands.
The vulnerability in the compile function in the Perl programming language is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2022-26111
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search or editing an existing/predefined search of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in t...
CVE-2022-26111
The CVE-2022-26111 entry concerns IRISNext (BeanShell components) up to version 9.8.28. The vulnerability arises when BeanShell expressions are added via the search functionality, allowing arbitrary commands to be executed on the target server within the IRISNext application user context (Remote ...
IRIS IrisNext command injection vulnerability
IRIS IrisNext is a document management solution from IRIS Luxembourg designed to manage, protect and use your company's information. A security vulnerability exists in IRISNext version 9.8.28 and prior versions of the BeanShell component, which originates from a BeanShell component that allows...
Missing input validation can lead to command execution in composer
The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...
A vulnerability in the web-based management interface of the firmware for Cisco Small Business RV340, RV340W, RV345, and RV345P routers allows an attacker to execute arbitrary commands.
The vulnerability in the web-based management interface of the firmware for Cisco Small Business RV340, RV340W, RV345, and RV345P routers exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a...
A vulnerability in the Open Plug and Play (PnP) module of the firmware for Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P allows attackers to execute arbitrary commands.
The vulnerability in the Open Plug and Play (PnP) module of the firmware for Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P exists due to the failure to take measures to neutralize the special elements used in the operating system...
CVE-2022-28810
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...
CVE-2022-27188
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute ...
npm-dependency-versions command injection vulnerability
npm-dependency-versions is a dependency plugin for nmap. npm-dependency-versions is vulnerable to a command injection vulnerability that can be exploited by attackers to cause arbitrary command execution...