7636 matches found
CVE-2022-21187
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
PYSEC-2022-163
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
Command injection
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
PYSEC-2022-163
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
CVE-2022-21187
The CVE-2022-21187 issue affects the libvcs package prior to version 0.11.1. The vulnerability arises in the update_repo path (when using Mercurial via hg), where the url parameter is passed to the hg clone command, enabling command injection and potential arbitrary command execution. Available c...
CVE-2022-21187 Command Injection
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
GHSA-3F95-R44V-8MRG Command injection in simple-git
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...
Command injection in simple-git
The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...
CVE-2022-24433 Command Injection
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...
JVN#72801744: UNIVERGE WA Series vulnerable to OS command injection
Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability CWE-78. Impact If an attacker who can access the product sends specific character strings or a special...
The vulnerability of the embedded software of NETGEAR routers such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the absence of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR’s integrated routing software devices such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the embedded software of NETGEAR routers such as R7900P, R7960P, R8000, R8000P, MR60, RAX20, RAX45, RAX80, MS60, RAX15, RAX50, RAX75 lies in the lack of measures to sanitize input data. This allows a hacker to execute arbitrary commands.
The vulnerability of NETGEAR R7900P, R7960P, R8000, R8000P, MR60, RAX20, RAX45, RAX80, MS60, RAX15, RAX50, and RAX75 router software lies in the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Arbitrary Command Execution
Overview mc-kill-port is a package allowing termination of ports. Affected versions of this package are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument. PoC js const kill = require"mc-kill-port"; kill"abc|echo rce newFile.txt"...
VulnCheck KEV: CVE-2022-20700
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...
Remote Code Execution (RCE)
Overview ungit is a version control library. Affected versions of this package are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some gi...
Zyxel NWA-1100-NH 命令注入漏洞
The Zyxel NWA-1100-NH is a remote Poe access point from China's Heqin Technology Zyxel. The Zyxel NWA-1100-NH suffers from a command injection vulnerability that originates in the web interface of the Zyxel NWA-1100-NH firmware that could allow an attacker to execute arbitrary operating system...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 allow a hacker to execute arbitrary commands.
The vulnerability of the DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands using a...
The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 allow a hacker to execute arbitrary commands.
The vulnerability of the DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands using a...
TotoLink A800R 操作系统命令注入漏洞
TOTOLink A860R is a wireless router from TotoLink, China.TOTOLink A860R V4.1.2cu.5182B20201027 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...