F5 BIG-IQ Command Injection Vulnerability
F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments. BIG-IQ Centralized Management suffers from a command injection...
Apache Dubbo Arbitrary Code Execution Vulnerability
Apache Dubbo is a Java-based, high-performance open source RPC framework from the Apache Foundation. An arbitrary command execution vulnerability exists in several versions of Dubbo. An attacker can exploit this vulnerability by injecting malicious code into the routing scripts, the default...
IBM Security Guardium Remote Command Execution Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A remote command execution vulnerability exists in IBM Security Guardi...
[ASA-202105-16] websvn: arbitrary command execution
Arch Linux Security Advisory ASA-202105-16. Severity: High. Date: 2021-05-25. CVE-ID: CVE-2021-32305. Package: websvn. Type: arbitrary command execution. Remote: Yes. Link: https://security.archlinux.org/AVG-1969. Summary: The package websvn before...
Cisco DNA Spaces OS Command Injection Vulnerability (CNVD-2021-37122)
Cisco DNA Spaces is an indoor location services platform from Cisco (USA). An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.3.1, which can be exploited by an attacker to execute arbitrary operating system commands o...
CVE-2021-1487
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied...
CVE-2021-1531
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient...
AMD Secure Encrypted Virtualization Command Injection Vulnerability
AMD Secure Encrypted Virtualization is a software application from AMD USA. It provides hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands...
Low: ruby20
Issue Overview: RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command executi...
Low: ruby24
Issue Overview: RDoc before version 6.3.1 used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with "|" and ends with "tags", the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command executi...
Cisco DNA Spaces Connector Operating System Command Injection Vulnerability
Cisco DNA Spaces is an indoor location services platform from Cisco (USA). An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.3.1, which can be exploited by an attacker to execute arbitrary operating system commands o...
Cisco DNA Spaces Connector Operating System Command Injection Vulnerability
Cisco DNA Spaces is an indoor location services platform from Cisco (USA). An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.0.519, which stems from improper input validation. An attacker could exploit this...
File Upload Vulnerability in PHPOK of Shenzhen Kunshuo Technology Co., Ltd (CNVD-2021-39278)
PHPOK is a free, open source content management system (CMS) for building customized websites. PHPOK has a file upload vulnerability that can be exploited by attackers to execute arbitrary commands...
The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to execute arbitrary commands or cause service interruptions.
The vulnerability of the vManage web interface of the Cisco SD-WAN software-defined network is related to the implementation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or cause service failures...
AMD Secure Encrypted Virtualization Command Injection Vulnerability
AMD Secure Encrypted Virtualization is a software application from AMD USA. It provides hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands...
GHSA-XFXF-QW26-HR33 Arbitrary command execution in roar-pidusage
This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without inpu...
Arbitrary command execution in roar-pidusage
This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without inpu...
CVE-2020-28026
Exim 4 before 4.94.2 contains a vulnerability (CVE-2020-28026) described as Improper Neutralization of Line Delimiters in DSN contexts. In non-default configurations using DSN, ORCPT= can insert a newline into a spool header file, enabling unauthenticated remote attackers to execute arbitrary com...
CVE-2020-28008
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory owned by a non-root user, an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution...
RDoc -- command injection vulnerability
Alexandr Savca reports: RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user...