CVE-2020-2261
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller...
Command Injection in wizard-syncronizer
All versions of wizard-syncronizer are vulnerable to Command Injection. The package does not validate input on the cloneAndSync function and concatenates it to an exec call. This can be abused through a malicious widget containing the payload in the gitURL value or through a MITM attack since the...
CVE-2020-10050
SIMATIC RTLS Locating Manager (Siemens) versions prior to 2.10.2 are affected by CVE-2020-10050. The service executables are run with SYSTEM privileges from a directory that unprivileged users can write to, which lets a local attacker place arbitrary commands that execute with SYSTEM privileges on system restart. Impact is local privi...
Siemens SIMATIC RTLS Locating Manager Elevation of Privilege Vulnerability (CNVD-2020-51249)
SIMATIC RTLS is a real-time wireless positioning system for locating solutions. Siemens SIMATIC RTLS Locating Manager is used for the configuration, operation and maintenance of SIMATIC RTLS installations. An elevation of privilege vulnerability exists in Siemens SIMATIC RTLS Locating Manager. An...
CVE-2020-24986
Concrete5 (CMS) up to and including 8.5.2 is vulnerable to an Unrestricted Upload of a dangerous file type (e.g., .php) via the File Manager, enabling execution of arbitrary commands. Affected: Concrete5 8.5.2 and earlier. Root cause: file-type upload not sufficiently restricted. Impact: potentia...
CVE-2020-3451
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information...
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
The DCS-2530L and DCS-2670L are Full HD 180-degree Wi-Fi cameras from D-Link. A command injection vulnerability exists in cgi-bin/ddnsenc.cgi in the D-Link DCS-2530L and DCS-2670L. The vulnerability stems from the product not properly filtering special elements in externally...
CVE-2020-24364
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite...
CVE-2020-24364
MineTime (version 1.8.5 and earlier) is affected by CVE-2020-24364. The vulnerability allows arbitrary command execution via the notes field in a meeting invitation, potentially leading to remote code execution. The CVSS metrics indicate high severity (CVSSv3.1: high, network attack vector,...
CVE-2020-24054
The CVE-2020-24054 issue affects Moog EXO Series EXVF5C-2 and EXVP7C2-3 administration consoles. The vulnerability arises from a privileged “statusbroadcast” feature that can spawn a specified binary repeatedly at set intervals as root. Although the feature accepts only a binary path without argu...
CVE-2020-7710
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...
CVE-2020-7710 Sandbox Escape
This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine...
CVE-2020-13826
A CSV injection aka Excel Macro Injection or Formula Injection issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export...
Design/Logic Flaw
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...
Arbitrary Command Execution
SpamAssassin is vulnerable to command execution: crafted malicious configuration (.cf) files can be made to run system commands, similar to CVE-2018-11805...
Nagios XI Arbitrary Command Execution Vulnerability (CNVD-2020-64267)
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. An arbitrary command execution vulnerability exists in the ajaxhelper.php file in Nagios XI versions prior ...
Grandstream GWN7000 Arbitrary OS Command Execution Vulnerability
The Grandstream GWN7000 is an enterprise-class multi-WAN Gigabit VPN router. An arbitrary OS command execution vulnerability exists in the Grandstream GWN7000 version 1.0.9.4 and earlier. The vulnerability stems from the fact that the product allows an authenticated remote user to modify the...
A vulnerability in the command-line interface (CLI) of the vManage web interface for Cisco SD-WAN networks allows an attacker to execute arbitrary commands with root privileges.
The vulnerability in the CLI of the vManage web interface for Cisco SD-WAN networks is due to insufficient validation of input data. Exploiting it could allow an attacker to execute arbitrary commands with root privileges...