Command injection

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

CVE-2023-28460

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

CVE-2023-28460

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

CVE-2023-28460

CVE-2023-28460 affects Array Networks APV products. A command injection vulnerability allows a remote attacker, after admin authentication, to send a crafted packet and achieve arbitrary shell code execution. Impact is described as high with network access and requires admin privileges. Remediati...

Debian: Security Advisory (DSA-2021-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

Debian debian-goodies 注入漏洞

debian Debian GUN/Linux is a Linux operating system from the Debian community in the United States. The system has faster and easier memory management, open source software support, good system security, and high stability. A security vulnerability exists in debian-goodies version 0.88.1, which...

Imperative CLI vulnerable to Command Injection

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVE-2021-4326

CVE-2021-4326 affects the Imperative framework used by Zowe CLI. Root cause: insecure usage of execSync and handling of environment variables enables a local, already-privileged actor to run arbitrary shell commands via plugin install/update commands or via maliciously formed environment variable...

Fortinet FortiADC Command Injection Vulnerability

Fortinet FortiADC is an application delivery controller from Fortinet, Inc. Fortinet FortiADC suffers from a command injection vulnerability, which stems from an improper neutralization of special elements used in os commands, that can be exploited by an attacker to execute arbitrary shell code a...

CVE-2022-30303

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...

CVE-2022-27482

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

Command injection

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

Command injection

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...

CVE-2022-27482

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

CVE-2022-27482

Fortinet FortiADC is affected by CVE-2022-27482 due to improper neutralization of special elements in OS commands, enabling local attackers to run arbitrary shell code as root via CLI. Affected versions span 7.0.0–7.0.1, 6.2.0–6.2.2, 6.1.0–6.1.6, 6.0.x, and 5.x.x. The underlying issue is an OS co...

CVE-2022-30303

An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...