Lucene search

457 matches found

Prion
added 2023/11/30 2:15 a.m., 23 views

Input validation

The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...

CVSS 6.5, AI score 7.5, EPSS 0.602
Exploits: 0, References: 2, Affected software: 2
Japan Vulnerability Notes
added 2023/11/17 5:22 a.m., 3 views

Multiple vulnerabilities in CubeCart

Overview: CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery (CWE-352): CVE-2023-38130; directory traversal (CWE-22): CVE-2023-42428; directory traversal (CWE-22): CVE-2023-47283; OS command injection (CWE-78): CVE-2023-47675. Gen Sato of Mitsu...

CVSS 9.1, AI score 7.9, EPSS 0.01286
Exploits: 0, References: 13
Positive Technologies
added 2023/10/22 12:00 a.m., 5 views

PT-2023-29948 · Netmodule · Netmodule Router

Name of the vulnerable software and affected versions: NetModule Router Software versions 4.6 through 4.6.0.105; NetModule Router Software versions 4.8 through 4.8.0.100. Description: The web administration interface in NetModule Router Software executes an OS command, potentially leading to remote...

CVSS 8.4, AI score 7.8, EPSS 0.00961
Exploits: 0, References: 8
Cvelist
added 2023/10/10 2:25 p.m., 23 views

CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...

CVSS 9.8, AI score 10, EPSS 0.65799
Exploits: 1, References: 3
CNNVD
added 2023/10/10 12:00 a.m., 4 views

Fortinet FortiManager and FortiAnalyzer and FortiADC Operating System Command Injection Vulnerability

Fortinet FortiManager and others are products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiADC is an application delivery controller. Fortinet FortiADC is an...

CVSS 7.8, AI score 7.9, EPSS 0.01498
Exploits: 0, References: 3
CNNVD
added 2023/10/10 12:00 a.m., 4 views

Fortinet FortiWLM Operating System Command Injection Vulnerability

Fortinet FortiWLM is a wireless manager from Fortinet. An operating system command injection vulnerability exists in Fortinet FortiWLM that allows an attacker to execute unauthorized code or commands via specially crafted http...

CVSS 9.8, AI score 7.9, EPSS 0.02108
Exploits: 0, References: 2
The Hacker News
added 2023/10/09 10:49 a.m., 51 views

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully...

CVSS 9.8, AI score 9.2, EPSS 0.01505
Exploits: 0
Vulnrichment
added 2023/09/19 12:47 p.m., 21 views

CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products

Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...

CVSS 9.3, AI score 7.5, EPSS 0.00984
Exploits: 0, References: 1
NVD
added 2023/07/11 3:15 a.m., 18 views

CVE-2023-36922

Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 9.1, AI score 9.2, EPSS 0.007
Exploits: 0, References: 2
Prion
added 2023/07/11 3:15 a.m., 26 views

Design/Logic Flaw

Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...

CVSS 6.5, AI score 8.5, EPSS 0.007
Exploits: 0, References: 2, Affected software: 1
CVE
added 2023/07/11 2:56 a.m., 145 views

CVE-2023-36922

The CVE-2023-36922 entry concerns SAP ECC/SAP S/4HANA IS-OIL with a programming error in the function module and report that permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...

CVSS 9.1, AI score 8.7, EPSS 0.007
Exploits: 0, References: 2, Affected software: 1
Github Security Blog
added 2023/07/06 7:24 p.m., 21 views

Apache Kylin vulnerable to remote code execution

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be achieved by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 9.8, AI score 7.4, EPSS 0.84777
Exploits: 0, References: 5, Affected software: 3
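The quote break-out the Kylin entry describes, as an added example that is not code from this page or from Apache Kylin: a launcher that interpolates a user-controlled `--conf=` value into a single-quoted shell string, beside an argv-based, allowlisted replacement, plus a shlex-based check that shows which programs the shell would actually run. `echo` stands in for the real launcher so the block runs anywhere; `job.jar`, the key=value allowlist and the sample values are assumptions for this illustration.

```python
import re
import shlex
import subprocess

# Stand-in for the real job launcher so the example runs anywhere (assumption);
# the "--conf=" parameter shape from the advisory is the only part that matters.
LAUNCHER = "echo"
SHELL_SEPARATORS = {";", "&", "&&", "|", "||"}
# Allowlist for a configuration override of the form key=value. This is an
# assumed policy for the example, not Kylin's own validation rule.
CONF_VALUE_RE = re.compile(r"[A-Za-z0-9_.]+=[A-Za-z0-9_./:-]*")


def build_command_vulnerable(conf_value: str) -> str:
    """Weak form: interpolate an untrusted value into a shell string.

    Wrapping the value in single quotes does not help: a single quote inside
    the value closes the argument, and whatever follows is parsed by the
    shell as further tokens, including command separators.
    """
    return f"{LAUNCHER} --conf='{conf_value}' job.jar"


def build_command_hardened(conf_value: str) -> list[str]:
    """Hardened form: validate the value, then build an argv list.

    The argv list is handed to the program directly (no shell), so the value
    is one argument regardless of the characters it contains. The allowlist
    is a second, independent control.
    """
    if not CONF_VALUE_RE.fullmatch(conf_value):
        raise ValueError(f"rejected --conf value: {conf_value!r}")
    return [LAUNCHER, f"--conf={conf_value}", "job.jar"]


def shell_tokens(cmdline: str) -> list[str]:
    """Tokenize a command line as a POSIX shell would, keeping separators
    such as ';' and '|' as their own tokens."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def simple_command_names(cmdline: str) -> list[str]:
    """Return the program name of every simple command the shell would run
    for this command line. A safe launch yields exactly one name."""
    names: list[str] = []
    expect_command = True
    for tok in shell_tokens(cmdline):
        if tok in SHELL_SEPARATORS:
            expect_command = True
        elif expect_command:
            names.append(tok)
            expect_command = False
    return names


def run_vulnerable(conf_value: str) -> str:
    """Execute the weak form through the shell and return its stdout."""
    cmdline = build_command_vulnerable(conf_value)
    return subprocess.run(cmdline, shell=True, capture_output=True, text=True).stdout


def run_hardened(conf_value: str) -> str:
    """Execute the hardened form without a shell and return its stdout."""
    argv = build_command_hardened(conf_value)
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed inputs: a benign override and one that closes the quotes.
    benign = "spark.executor.memory=4g"
    hostile = "x'; echo INJECTED; echo '"
    for value in (benign, hostile):
        cmdline = build_command_vulnerable(value)
        print(cmdline)
        print("  programs the shell would run:", simple_command_names(cmdline))
        print("  shell output lines:", run_vulnerable(value).splitlines())
        try:
            print("  hardened output lines:", run_hardened(value).splitlines())
        except ValueError as exc:
            print("  hardened:", exc)
```

With the hostile value the weak form produces three separate commands (the launcher plus two injected `echo`s) and its output gains an `INJECTED` line, while the hardened form rejects the value before anything runs; even if the allowlist were dropped, the argv form would pass the whole string as one argument.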
BDU FSTEC
added 2023/06/28 12:00 a.m., 4 views

Vulnerability in the Ghostscript document processing, transformation and generation software caused by missing neutralization of special elements used in an operating system command, allowing an attacker to execute arbitrary code

The vulnerability in the Ghostscript document processing, transformation and generation software exists because special elements used in an operating system command are not neutralized. Exploiting this vulnerability allows an attacker to execute arbitrary code by using th...

CVSS 8.4, AI score 7.9, EPSS 0.03236
Exploits: 3, References: 7, Affected software: 3
Positive Technologies
added 2023/06/12 12:00 a.m., 6 views

PT-2023-3349 · Fortinet · Fortiadc

Name of the vulnerable software and affected versions: FortiADC versions 6.0 through 7.1.0. Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow a local and authenticated attacker to execute unauthorized commands via specificall...

CVSS 7.8, AI score 7.6, EPSS 0.00205
Exploits: 0, References: 4
Positive Technologies
added 2023/06/09 12:00 a.m., 5 views

PT-2023-3350 · Fortinet · Fortiadcmanager +1

Name of the vulnerable software and affected versions: FortiADC Manager versions prior to 7.1.0; FortiADC versions 7.0.0 through 7.1.2; FortiADC version 7.2.0. Description: The issue is related to the improper neutralization of special elements used in an operating system command, which can be...

CVSS 7.8, AI score 7.6, EPSS 0.00496
Exploits: 0, References: 3
CNNVD
added 2023/06/05 12:00 a.m., 5 views

KylinSoft kylin-software-properties OS command injection vulnerability

KylinSoft kylin-software-properties is an application from KylinSoft (China). An OS command injection vulnerability exists in KylinSoft kylin-software-properties versions prior to 0.0.1-130. An attacker could exploit this vulnerability to perform OS command injection attacks...

CVSS 7.8, AI score 6.3, EPSS 0.0213
Exploits: 1, References: 4
CVE
added 2023/04/27 10:11 p.m., 52 views

CVE-2023-28716

CVE-2023-28716 affects mySCADA myPRO 8.26.0 and earlier. Affected component: parameters handling in myPRO that allow an authenticated user to inject arbitrary operating system commands (OS command injection). Root cause: improper validation/handling of command-related parameters leading to code e...

CVSS 8.8, AI score 8.7, EPSS 0.04502
Exploits: 0, References: 1, Affected software: 1
Prion
added 2023/04/18 9:15 p.m., 18 views

Command injection

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...

CVSS 4.3, AI score 7.8, EPSS 0.00609
Exploits: 0, References: 1, Affected software: 1
Cvelist
added 2023/04/18 8:34 p.m., 19 views

CVE-2023-25554

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...

CVSS 7.8, AI score 8.1, EPSS 0.00609
Exploits: 0, References: 1
CNNVD
added 2023/03/21 12:00 a.m., 8 views

InsightCloudSec code injection vulnerability

InsightCloudSec is a fully integrated cloud-native security platform from Rapid7. A security vulnerability exists in versions of InsightCloudSec prior to 23.3.21 that allows an attacker to execute OS commands via a Jinja template using the publicly available getattr...

CVSS 8.8, AI score 8, EPSS 0.01079
Exploits: 1, References: 3