615 matches found
CVE-2021-42561
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a Python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()") in order to escape the current command and execute...
CVE-2021-23154 Command injection in Lens causes arbitrary shell command execution when a malicious custom helm chart configuration is provided
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...
IBM Spectrum Copy Data Management Input Validation Error Vulnerability
IBM Spectrum Copy Data Management, an IBM product that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...
CVE-2021-26614
iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface which invokes an arbitrary shell command...
Remote code execution
iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface which invokes an arbitrary shell command...
CVE-2021-26614 IpTime C200 IP camera remote code execution vulnerability
iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface which invokes an arbitrary shell command...
Efm Networks IpTime C200 Camera Security Vulnerability
The Efm Networks IpTime C200 Camera is a webcam from the Korean company Efm Networks. The Efm Networks IpTime C200 Camera suffers from a security vulnerability that allows a remote attacker to send crafted parameters to an exposed web service interface that can invoke arbitrary shell commands...
A vulnerability in the firmware of the NETGEAR R6020 Wi-Fi router allows an intruder to execute arbitrary shell commands.
The vulnerability in the firmware of the NETGEAR R6020 Wi-Fi router is related to the lack of sanitization of incoming data containing metacharacters. Exploiting this vulnerability can allow a remote attacker to execute arbitrary shell commands...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
LPAR2RRD OS Command Injection Vulnerability
XoruX LPAR2RRD is a server monitoring tool from the Czech company XoruX. A security vulnerability in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD versions prior to 7.30 can be exploited by an attacker to execute arbitrary shell commands as the user running the service...
CVE-2021-31357
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
Command injection
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
FortiManager, FortiAnalyzer and FortiPortal - Multiple OS command injection vulnerabilities
Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager, FortiAnalyzer, and FortiPortal may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters...
CVE-2020-5322
Dell EMC OpenManage Enterprise-Modular OME-M versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system...
Command injection
Dell EMC OpenManage Enterprise-Modular OME-M versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system...
CVE-2021-26471
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...
CVE-2021-32090
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...
Command injection
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...
PYSEC-2021-101
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...