Exploit for OS Command Injection in Gnu Bash

HackTheBox: Shocker Writeup A structured and professional walk...

CVE-2021-47903

LiteSpeed Web Server Enterprise version 5.4.11 has an authenticated command injection vulnerability in the external app configuration interface. A user with administrative privileges can inject shell commands via the Command parameter, enabling remote code execution through path traversal and bas...

CVE-2021-47903 LiteSpeed Web Server Enterprise 5.4.11 - Command Injection

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

CVE-2021-47903

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

PT-2026-4516

Name of the Vulnerable Software and Affected Versions LiteSpeed Web Server Enterprise version 5.4.11 Description LiteSpeed Web Server Enterprise version 5.4.11 has an issue where a user with administrative privileges can inject commands into the system. This occurs through the 'Command' parameter...

EUVD-2024-55337

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

CVE-2024-58294

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

CVE-2024-58294 FreePBX 16 Authenticated Remote Code Execution via API Module

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to...

EUVD-2021-24593

Malware in sbrugna...

EUVD-2020-20051

Malware in sbrugna...

PT-2025-33340 · Unknown +2 · Homeassistant-Tapo-Control +3

Name of the Vulnerable Software and Affected Versions: HomeAssistant-Tapo-Control versions prior to commit 2a3b80f Description: HomeAssistant-Tapo-Control, a component offering control for Tapo cameras within Home Assistant, contained a code injection vulnerability in the GitHub Actions workflow...

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

NetIQ Advanced Authentication Command Execution Vulnerability

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A command execution vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which can be exploit...

CVE-2021-38120

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVE-2021-38120 Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

CVE-2021-38120 Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1...

PT-2024-10988 · Netiq · Netiq Advance Authentication

Name of the Vulnerable Software and Affected Versions: NetIQ Advance Authentication versions prior to 6.3.5.1 Description: A vulnerability identified in Advance Authentication allows bash command injection in administrative controlled functionality of backup due to improper handling in provided...

CVE-2019-10095 bash command injection in spark interpreter

bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions...

PT-2021-8864 · Apache · Apache Zeppelin

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.9.0 and prior versions Description: A bash command injection issue in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. Recommendations: For Apache Zeppelin versions 0.9.0...

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...