OS Command Injection

sbt is vulnerable to OS Command Injection. The vulnerability is due to the lack of validation of the URI fragment, where a malicious fragment can execute arbitrary commands because cmd /c interprets &, |, and ; as command separators...

The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption control within the Niagara Framework, along with the Niagara Enterprise Security tools for access control and security, can be exploited due to improper handling of argument separators in commands. This allows attackers to trigger service failures.

The vulnerability of the device management platform for heating, ventilation, and air conditioning systems, lighting, and energy consumption control within the Niagara Framework, along with the access control and security measures, is related to improper elimination of argument separators in the...

os_commanding

This plugin will find OS commanding vulnerabilities. The detection is performed using two different techniques: Time delays Writing a known file to the HTML output With time delays, the plugin sends specially crafted requests that, if the vulnerability is present, will delay the response for 5...

PT-1996-1035 · Gnu · Bash

Name of the Vulnerable Software and Affected Versions: Bash affected versions not specified Description: The issue concerns how Bash handles characters with a value of 255, treating them as command separators. Recommendations: At the moment, there is no information about a newer version that...