Apache Airflow Operating System Command Injection Vulnerability
Apache Airflow is an open source platform for creating, managing and monitoring workflows. Apache Airflow suffers from an operating system command injection vulnerability that allows remote attackers to submit a specially crafted malicious payload to execute arbitrary...
Advantech WebAccess/SCADA has a Logic Flaw Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software based on a browser architecture. A logic flaw vulnerability exists in Advantech WebAccess/SCADA. The vulnerability can be exploited to gain access to modify the registry of a user's system and execute arbitrary commands on the user's system...
EthereumJ Code Issues
EthereumJ is a Java language implementation of the Ethereum protocol. A code issue vulnerability exists in the crypto/ECKey.java file's decoder.readObject and the mine/Ethash.java file's ois.readObject in EthereumJ version 1.8.2. An attacker could exploit this vulnerability to execute arbitrary...
CVE-2020-9413
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft a URL that will execute arbitrar...
CVE-2020-9413
CVE-2020-9413 affects TIBCO Managed File Transfer Command Center (CC) and Internet Server (IS) version 8.2.1 and earlier. The vulnerability resides in the MFT Browser file transfer and MFT Browser admin client components, allowing an attacker to craft a URL that, when visited by an authenti...
CVE-2020-5601
Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors...
Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution
Overview: Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter b...
JVN#40039627: Chrome Extension for e-Tax Reception System vulnerable to arbitrary command execution
Chrome Extension for e-Tax Reception System provided by National Tax Agency is an extension to use the e-Tax Reception System on Google Chrome and/or Chromium-based versions of Microsoft Edge. When a user runs a Chrome Extension for e-Tax Reception System, a specially crafted parameter by an...
CVE-2020-14950
CVE-2020-14950 affects aaPanel (version 6.6.6 and earlier). The vulnerability allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request under the Software Store settings menu. Root cause: insufficient validatio...
aaPanel Remote Code Execution Vulnerability
aaPanel is a simple but powerful control panel for Linux servers. A remote code execution vulnerability exists in aaPanel 6.6.6 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands via the Script Content box on the Add Cron Job interface...
Artica Pandora FMS Injection Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. An injection vulnerability exists in the Events feature in Artica Pandora FMS version 7.44. An attacker can exploit this...
Palo Alto Networks PAN-OS Operating System Command Injection Vulnerability (CNVD-2021-22180)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. An operating system command injection vulnerability exists in the web management interface in all versions of Palo Alto Networks PAN-OS 8.0, version 7.1 prior to 7.1.26, and version...
CVE-2020-9412 TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO...
CloudBees Jenkins Play Framework Plugin OS Command Injection Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Play Framework Plugin is used in one of the...
CVE-2020-3210
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...
CVE-2020-4180
IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735...
Design/Logic Flaw
node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...
UBUNTU-CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)...
CVE-2020-12393
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...