7632 matches found

CNVD
added 2020/04/07 12:0 a.m., 4 views

adb-driver injection vulnerability

adb-driver is a universal Android USB driver. An injection vulnerability exists in adb-driver. The vulnerability can be exploited to execute arbitrary commands with the help of the 'command' parameter...

CVSS 9.8 | AI score 8 | EPSS 0.04358
Exploits: 1 | References: 1

BDU FSTEC
added 2020/04/06 12:0 a.m., 4 views

The vulnerability of the command-line interface of the Cisco FXOS operating system, allowing a hacker to execute arbitrary commands

The vulnerability of the Cisco FXOS operating system’s command-line interface relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...

CVSS 7.2 | AI score 7 | EPSS 0.00445
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2020/04/03 12:0 a.m., 3 views

XAMPP Arbitrary Command Execution Vulnerability

XAMPP is a free open source cross-platform Web server solution stack package developed by Apache Friends. An arbitrary command execution vulnerability exists in XAMPP. An attacker can exploit this vulnerability by changing the .exe configuration in xampp-contol.ini for all users including...

CVSS 8.8 | AI score 7.7 | EPSS 0.22547
Exploits: 5 | References: 1

NVD
added 2020/04/02 10:15 p.m., 22 views

CVE-2020-7624

effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument...

CVSS 9.8 | AI score 9.7 | EPSS 0.04118
Exploits: 1 | References: 2

Prion
added 2020/04/02 10:15 p.m., 17 views

Command injection

effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument...

CVSS 7.5 | AI score 9.7 | EPSS 0.04118
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/04/02 9:3 p.m., 32 views

CVE-2020-7624

effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument...

AI score 9.8 | EPSS 0.04118
Exploits: 1 | References: 2

Cvelist
added 2020/04/02 8:55 p.m., 16 views

CVE-2020-7623

jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument...

AI score 9.8 | EPSS 0.035
Exploits: 0 | References: 2

NVD
added 2020/04/02 6:15 p.m., 11 views

CVE-2020-11107

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users including admins to enable arbitrary command execution...

CVSS 8.8 | AI score 8.8 | EPSS 0.22547
Exploits: 5 | References: 2

Prion
added 2020/04/02 6:15 p.m., 49 views

Command injection

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users including admins to enable arbitrary command execution...

CVSS 6.8 | AI score 8.8 | EPSS 0.22547
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2020/04/02 5:44 p.m., 13 views

CVE-2020-11107

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users including admins to enable arbitrary command execution...

AI score 8.8 | EPSS 0.22547
Exploits: 5 | References: 2

CNVD
added 2020/04/02 12:0 a.m., 2 views

Command Injection Vulnerability in Multiple NETGEAR Products (CNVD-2020-35517)

NETGEAR WC7500 and others are a wireless LAN controller from NETGEAR. An injection vulnerability exists in the requesthandler.php file in several NETGEAR products. A remote attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary commands...

CVSS 10 | AI score 7.9 | EPSS 0.02601
Exploits: 0 | References: 1

Tenable Nessus
added 2020/04/02 12:0 a.m., 48 views

EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2020-1361)

According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before...

CVSS 9.8 | AI score 8.1 | EPSS 0.34007
Exploits: 1 | References: 10

Snyk
added 2020/04/02 12:0 a.m., 2 views

Command Injection

Overview: op-browser is a module that open browser window and set proxy. Affected versions of this package are vulnerable to Command Injection. The url parameter can be controlled by users without any sanitization. PoC: var root = require("op-browser"); root.open('chrome','& touch Song','',''); Details...

CVSS 9.8 | AI score 5.7 | EPSS 0.04118
Exploits: 1 | References: 2

OpenVAS
added 2020/04/01 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1361)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 | AI score 7.2 | EPSS 0.34007
Exploits: 1 | References: 2

Prion
added 2020/03/30 10:15 p.m., 15 views

Input validation

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

CVSS 10 | AI score 9.6 | EPSS 0.02353
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2020/03/30 9:31 p.m., 68 views

CVE-2019-19606

X-Plane prior to 11.41 contains an OS command injection due to multiple improper path validations. A crafted network packet could cause reading/writing files to arbitrary paths and potentially leak credentials, enabling execution of arbitrary commands. Affected: X-Plane 11.x

CVSS 10 | AI score 9.6 | EPSS 0.02353
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2020/03/27 3:15 p.m., 13 views

CVE-2020-5858

On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated...

CVSS 7.8 | AI score 8 | EPSS 0.00434
Exploits: 0 | References: 1

OSV
added 2020/03/25 10:15 p.m., 5 views

CVE-2020-6811

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...

CVSS 8.8 | AI score 9.3
Exploits: 0 | References: 6

NVD
added 2020/03/25 10:15 p.m., 12 views

CVE-2020-6811

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...

CVSS 8.8 | AI score 9.1 | EPSS 0.03191
Exploits: 1 | References: 6

Prion
added 2020/03/25 10:15 p.m., 25 views

Command injection

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...

CVSS 6.8 | AI score 9 | EPSS 0.03191
Exploits: 1 | References: 6 | Affected Software: 4