98 matches found
A vulnerability in the mySCADA myPRO industrial process visualization and control system stems from insufficient validation of arguments passed in commands, allowing an attacker to execute arbitrary code in the operating system.
The vulnerability in the mySCADA myPRO industrial process visualization and control system is caused by insufficient validation of the arguments passed in commands. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the operating system...
CVE-2023-0978
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...
SUSE CVE-2021-26321
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...
CVE-2022-40277
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before...
Design/Logic Flaw
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before...
CVE-2022-1357 Cambium Networks cnMaestro OS Command Injection
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code with the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command...
A vulnerability in the web-based management interface of the firmware for Cisco Small Business RV340, RV340W, RV345, and RV345P routers allows an attacker to execute arbitrary commands.
The vulnerability in the web-based management interface of the firmware for Cisco Small Business RV340, RV340W, RV345, and RV345P devices is caused by insufficient validation of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
A vulnerability in the API of Cisco Expressway Series and Cisco TelePresence VCS conferencing devices allows an attacker to overwrite arbitrary files on the host operating system as the root user.
The vulnerability in the API of Cisco Expressway Series and Cisco TelePresence VCS conferencing devices is caused by insufficient validation of user-supplied command arguments. Exploiting this vulnerability allows a malicious actor to overwrite any files on the underlying operatin...
CVE-2021-26321
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...
CVE-2021-26321
CVE-2021-26321 corresponds to an insufficient ID command validation in the AMD SEV Firmware that can allow a local authenticated attacker to cause a denial of service of the Platform Security Processor (PSP). The vulnerability affects AMD EPYC platforms (1st–3rd Gen) with SEV/ASP components; the ...
A vulnerability in the management tools for VMware vRealize Business for Cloud stems from insufficient validation of the commands passed to the system, allowing attackers to execute arbitrary commands.
The vulnerability in the management tools for VMware vRealize Business for Cloud is caused by insufficient validation of the arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system remotely...
A vulnerability in the web-based management interface of the firmware for Cisco Small Business 100, 300, 500 Series Wireless Access Points allows an attacker to execute arbitrary commands.
The vulnerability in the web-based management interface for Cisco Small Business 100, 300, 500 Series Wireless Access Points is caused by insufficient validation of commands sent to the system. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the target system...
CVE-2021-1532 Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Read Vulnerability
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation o...
CVE-2021-1434
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this...
Improper access control
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user...
CVE-2021-3193
CVE-2021-3193 affects the Nagios Docker Config Wizard (before 1.1.2) as used in Nagios XI up to v5.7. The issue is improper access and command validation, allowing an unauthenticated attacker to execute remote code as the apache user. The connected documents confirm the vulnerable component and t...
A vulnerability in the application control tool Windows Defender Application Control (WDAC), a PowerShell Core automation tool, allows an attacker to execute arbitrary code.
The vulnerability in the application control tool Windows Defender Application Control (WDAC), a PowerShell Core automation tool, is caused by errors in command validation. Exploiting this vulnerability allows an attacker to execute arbitrary code...
Security Bulletin: Insufficient command validation in IBM Security Information Queue (CVE-2020-4282)
Summary: IBM Security Information Queue (ISIQ) does not implement encoding or escaping of command requests that originate in the web UI. For example, it would be possible to intercept a product configuration request, and replace the product name with illegal characters. As of v1.0.6, ISIQ performs...
Command injection
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands...