340 matches found
Command injection
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2021-23154
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system...
Remote code execution
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors...
Command injection
An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Palo Alto Networks PAN-OS Operating System Command Injection Vulnerability (CNVD-2021-93380)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. Palo Alto Networks PAN-OS is vulnerable to a command injection vulnerability in the management interface, which stems from an OS command injection vulnerability in the system management...
Microsoft OMI Management Interface Authentication Bypass Exploit
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...
Command injection
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection)...
Command injection
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
CVE-2021-26097
FortiSandbox has an OS command injection flaw (CVE-2021-26097) affecting 3.2.0–3.2.2, 3.1.0–3.1.4, and 3.0.0–3.0.6. The issue arises from improper neutralization of special elements in OS command handling, enabling an authenticated attacker with web GUI access to execute unauthorized code or comm...
FortiSandbox - Command injection in web interface
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...
CVE-2021-24015
FortiMail before 6.4.4 exposes an OS command injection in its administrative interface. An authenticated attacker can craft specific HTTP requests to execute commands on the device (CWE-78). Impact is user-controlled command execution with high risk; no exploitation details are provided in the do...
CVE-2021-24015
An improper neutralization of special elements used in an OS Command vulnerability in the administrative interface of FortiMail before 6.4.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...
CVE-2021-26106
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...
Command injection
An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...
CVE-2021-26106
Fortinet FortiAP OS command injection (CVE-2021-26106) affects FortiAP console versions 6.4.1–6.4.5 and 6.2.4–6.2.5. The vulnerability is due to improper neutralization of special elements in an OS command, enabling an authenticated, local attacker to execute unauthorized commands by issuing the ...
Command injection
OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0...
FortiMail - OS Command injection
An improper neutralization of special elements used in an OS Command vulnerability (CWE-78) in FortiMail's administrative interface may allow an authenticated attacker to execute unauthorized commands via specifically crafted HTTP requests...
CVE-2021-21550
Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
Command injection
Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
CVE-2021-25162
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and...