171 matches found
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
This module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the 'localadmin' account, which then facilitates code execution via expression language injection...
📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...
Linux Distros Unpatched Vulnerability : CVE-2022-39243
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's...
Vulnerabilities fixed in Cisco NX-OS Software
Cisco has fixed vulnerabilities in Cisco NX-OS Software Specifically for Nexus 3000 and 9000 Series Switches. The vulnerabilities are in several features of the Cisco NX-OS Software. A vulnerability in the command-line interface CLI allows authenticated local malicious actors to perform command...
Commvault 参数注入漏洞
Commvault is a data backup and recovery software from Commvault, Inc. A parameter injection vulnerability exists in versions of Commvault prior to 11.36.60 that stems from insufficient input validation leading to command line parameter injection or manipulation, which could result in a...
Cisco Secure Firewall Management Center和Cisco Secure Firewall Threat Defense 操作系统命令注入漏洞
Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense are both products of Cisco Corporation.Cisco Secure Firewall Management Center is a powerful Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco Secure Firewall Management Center and Cisco...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
The vulnerability of the “Open Git Repository in Terminal” control element, a extension for the JupyterLab web-oriented interactive development environment, allows an attacker to gain access to and modify data, as well as execute arbitrary commands.
The vulnerability of the “Open Git Repository in Terminal” control element in the JupyterLab-Git web-oriented interactive development environment is related to the failure to implement measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability...
CVE-2022-39243
NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...
CVE-2024-45720
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables e.g., svn.exe, etc. may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
CVE-2024-27980
Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...
PT-2024-31739
Name of the Vulnerable Software and Affected Versions: Apache Subversion versions up to and including 1.14.3 Description: On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables may lead to unexpected command line argument...
PostgreSQL Database Name Command Line Flag Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PostgreSQL Database Name Command Line Flag Injection', 'Description' = %q This module can identify PostgreSQL 9.0, 9.1, and 9.2 servers that are...
Debian dla-3838 : composer - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3838 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3838-1 [email protected]...
[SECURITY] [DLA 3838-1] composer security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3838-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 19, 2024 https://wiki.debian.org/LTS -...
D-Link DIR-2150 安全漏洞
D-Link DIR-2150 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-2150 that stems from a cli command injection remote code execution vulnerability...
[SECURITY] [DLA 3773-1] freeipa security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3773-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 25, 2024 https://wiki.debian.org/LTS -...
Paessler PRTG Network Monitor Command Injection Vulnerability
Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A command injection vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from command line parameter injection and undocumented debug feature flag...
Bullied by Bugcrowd over Kape CyberGhost disclosure
TL;DR The CyberGhost VPN client suffers from an elevation of privilege vulnerability and is filed under CVE-2023-30237. A specially crafted JSON payload sent to the CyberGhost RPC service can lead to command line injection when the OpenVPN process is launched, leading to full system compromise. T...