73 matches found

Positive Technologies
added 2023/06/06 12:0 a.m. · 2 views

PT-2023-24683 · Unknown · Taosdata/Grafanaplugin

Name of the Vulnerable Software and Affected Versions: taosdata/grafanaplugin affected versions not specified Description: The issue concerns a command injection vulnerability in the Release PR Merged workflow. This vulnerability allows for arbitrary code execution within the GitHub action contex...

CVSS 9.8 · AI score 9.8 · EPSS 0.00337
Exploits: 1 · References: 4
Hacker One
added 2022/08/16 3:2 p.m. · 166 views

Internet Bug Bounty: CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag

Apache Airflow Docker's Provider shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Vulnerability summary: In DAG script of airflow 2.3.3, there is a command injection vulnerability RCE in the script exampledockercopydata.py of...

CVSS 6.5 · AI score 9.3 · EPSS 0.00708
Exploits: 0
GithubExploit
added 2022/05/10 4:10 a.m. · 13 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Nuclei Template Exploit F5 BIG-IP iControl REST Auth Bypass RC...

CVSS 10 · AI score 10 · EPSS 0.94485
Exploits: 79
ATTACKERKB
added 2022/02/06 9:15 p.m. · 3 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

CVSS 10 · AI score 7.3 · EPSS 0.00805
Exploits: 0 · References: 2
Prion
added 2021/11/10 12:15 a.m. · 10 views

Command injection

An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command...

CVSS 9 · AI score 8.5 · EPSS 0.01014
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2021/11/09 11:11 p.m. · 12 views

CVE-2021-37158

An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command...

AI score 8.8 · EPSS 0.01014
Exploits: 1 · References: 2
Cvelist
added 2021/09/02 12:0 a.m. · 21 views

CVE-2019-10095 bash command injection in spark interpreter

bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions...

AI score 9.8 · EPSS 0.03018
Exploits: 0 · References: 5
Positive Technologies
added 2021/09/02 12:0 a.m. · 2 views

PT-2021-8864 · Apache · Apache Zeppelin

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.9.0 and prior versions Description: A bash command injection issue in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. Recommendations: For Apache Zeppelin versions 0.9.0...

CVSS 10 · AI score 9.7 · EPSS 0.03018
Exploits: 0 · References: 17
NVD
added 2021/01/26 6:15 p.m. · 9 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

CVSS 6.8 · AI score 7.2 · EPSS 0.00758
Exploits: 1 · References: 1
Prion
added 2021/01/26 6:15 p.m. · 11 views

Command injection

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

CVSS 4.6 · AI score 7.2 · EPSS 0.00758
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2021/01/25 8:37 p.m. · 10 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

AI score 7.2 · EPSS 0.00758
Exploits: 1 · References: 1
CVE
added 2021/01/25 8:37 p.m. · 31 views

CVE-2020-27542

CVE-2020-27542 affects Rostelecom CS-C2SHW 5.0.082.1. The camera reads configuration from a QR code (including network settings). The static IP config is written to /config/ip-static and, after reboot, its contents are inserted into a bash command without escaping, enabling a Bash command injecti...

CVSS 6.8 · AI score 7.1 · EPSS 0.00758
Exploits: 1 · References: 1 · Affected Software: 1
Hacker One
added 2020/08/01 6:43 p.m. · 15 views

Valve: Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL

Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL. The vulnerability allowed insufficient validation of parameters, which permitted the injection of shell metacharacters into values used to construct a Bash command...

AI score 7.5
Exploits: 0
Hacker One
added 2020/07/17 2:2 p.m. · 5 views

Valve: Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting asset_path_identifier

Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting asset_path_identifier. Insufficient validation of parameters allowed injecting shell metacharacters into values used to construct a Bash command...

AI score 7.6
Exploits: 0
exploitpack
added 2020/03/26 12:0 a.m. · 100 views

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution

Centreo 19.10.8 - DisplayServiceStatus Remote Code Execution Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Date: 2020-03-25 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...

AI score 0.1
Exploits: 0
Prion
added 2019/08/06 11:15 p.m. · 9 views

Design/Logic Flaw

A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...

CVSS 5 · AI score 7.8 · EPSS 0.00602
Exploits: 0 · References: 3 · Affected Software: 3
Cvelist
added 2019/07/03 4:28 p.m. · 10 views

CVE-2017-6900

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...

AI score 9.1 · EPSS 0.04492
Exploits: 0 · References: 2
OSV
added 2019/05/15 5:29 p.m. · 2 views

CVE-2019-1730

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...

CVSS 6.7 · AI score 6.5
Exploits: 0 · References: 2
KoreLogic Security
added 2017/10/24 12:0 a.m. · 33 views

Infoblox NetMRI Administration Shell Escape and Privilege Escalation

Vulnerability Details Affected Vendor: Infoblox Affected Product: NetMRI Affected Version: 7.1.2 - 7.1.4 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-272: Least Privilege Violation Impact: Root...

AI score 0.3
Exploits: 0 · Affected Software: 1
Packet Storm
added 2016/10/06 12:0 a.m. · 24 views

Witbe Remote Code Execution

!/usr/bin/python Exploit Title: Witbe RCE Remote Code Execution Exploit Author: BeLmar Date: 05/10/2016 DEMO : https://youtu.be/ooUFXfUfIs0 Contact : [email protected] Vendor Homepage: http://www.witbe.net Tested on: Windows7/10 & BackBox Category: Remote Exploits import urllib import urllib2...

AI score 7.4
Exploits: 0