The vulnerability in the firmware of Zyxel Ethernet switches in the ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series lies in the lack of measures to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of Zyxel Ethernet switches in the ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN series is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker...
CVE-2024-5181 Command Injection in mudler/localai
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...
CVE-2024-0520
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
CVE-2024-2359
The CVE concerns parisneo/lollms-webui v9.3. An OS command injection stems from improper neutralization, enabling remote code execution. Affected component: the host/config handling in the runtime; attacker-controlled host via the /update_setting endpoint bypasses the intended protection on /exec...
CVE-2024-1601 SQL Injection in parisneo/lollms-webui
An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...
The vulnerability of the setAction function (/itbox_pi/networksafe.php?a=set) in the Ruijie RG-EG series router firmware allows an attacker to execute arbitrary commands.
The vulnerability of the setAction function /itbox.pi.networksafe.php?a=set in the Ruijie RG-EG series router firmware is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote...
PT-2023-9518 · Openlink +4 · Openlink Virtuoso-Opensource +4
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue is related to the IO default xsputn component and involves improper neutralization of special elements used in SQL commands. This can be exploited by a remote attacker to cause...
The vulnerability of the Cisco IOx software platform arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on the operating system with root privileges.
The vulnerability of the Cisco IOx software platform exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands in the operating system with root privileges...
GitHub Enterprise Server Argument Injection Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7.1, which...
An improper neutralization of special elements used in an OS command (CWE-78) vulnerability in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands...
PT-2022-7694 · Drawio +1 · Drawio +1
Name of the Vulnerable Software and Affected Versions: drawio versions prior to 20.3.0 Description: The issue is related to the incorrect neutralization of special elements used in an OS command, which can allow a remote attacker to execute arbitrary commands. Recommendations: For versions prior ...
The vulnerability of the software responsible for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the failure to take measures to neutralize special elements used in the OS commands. This allows a malicious actor to execute arbitrary commands with superuser privileges.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the lack of measures taken to neutralize special elements used in the OS commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
CVE-2021-21595
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell...
CVE-2021-24015
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...
PT-2021-3340 · 3S Smart Software Solutions · Codesys V2 Runtime System
Name of the Vulnerable Software and Affected Versions: CODESYS V2 runtime system SP versions prior to 2.4.7.55 Description: The issue arises from the improper neutralization of special elements used in an OS command, potentially allowing an attacker to impact the confidentiality, integrity, and...
The vulnerability of Cisco Remote PHY device’s software lies in the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands in the Linux shell with root privileges.
The vulnerability of Cisco Remote PHY device software relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands in the Linux shell with root privileges...
The vulnerability of the External Port component of the TP-Link M7350 firmware's route blocker lies in its lack of measures to neutralize special elements used in operating system commands. This allows a hacker to execute arbitrary commands.
The vulnerability of the External Port component of the TP-Link M7350 firmware controller exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...