457 matches found
Input validation
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...
Multiple vulnerabilities in CubeCart
Overview CubeCart provided by CubeCart Limited contains multiple vulnerabilities listed below. Cross-site request forgery CWE-352 - CVE-2023-38130 Directory traversal CWE-22 - CVE-2023-42428 Directory traversal CWE-22 - CVE-2023-47283 OS command injection CWE-78 - CVE-2023-47675 Gen Sato of Mitsu...
PT-2023-29948 · Netmodule · Netmodule Router
Name of the Vulnerable Software and Affected Versions: NetModule Router Software versions 4.6 through 4.6.0.105 NetModule Router Software versions 4.8 through 4.8.0.100 Description: The web administration interface in NetModule Router Software executes an OS command, potentially leading to remote...
CVE-2023-30805 Sangfor Next-Gen Application Firewall Login Un Param Command Injection
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling ...
Fortinet FortiManager and FortiAnalyzer and FortiADC Operating System Command Injection Vulnerability
Fortinet FortiManager and others are products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiADC is an application delivery controller. Fortinet FortiADC is an...
Fortinet FortiWLM Operating System Command Injection Vulnerability
Fortinet FortiWLM is a wireless manager from Fortinet. A security vulnerability exists in Fortinet FortiWLM that stems from the presence of an operating system command injection flaw. The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted HTTP...
High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security
Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully...
CVE-2022-47555 Improper Neutralization of Special Elements in Ormazabal products
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor...
CVE-2023-36922
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
Design/Logic Flaw
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
CVE-2023-36922
The CVE-2023-36922 entry concerns the IS-OIL component of SAP ECC and SAP S/4HANA, where a programming error in a function module and report permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...
Apache Kylin vulnerable to remote code execution
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
Ghostscript, software for processing, transforming, and generating documents, is vulnerable because the special elements used in an operating system command are not neutralized. This allows an attacker to execute arbitrary code.
Ghostscript, software for processing, transforming, and generating documents, is vulnerable because the special elements used in an operating system command are not neutralized. Exploiting this vulnerability allows an attacker to execute arbitrary code by using th...
PT-2023-3349 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.0 through 7.1.0 Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow a local and authenticated attacker to execute unauthorized commands via specificall...
PT-2023-3350 · Fortinet · Fortiadcmanager +1
Name of the Vulnerable Software and Affected Versions: FortiADC Manager versions prior to 7.1.0 FortiADC versions 7.0.0 through 7.1.2 FortiADC version 7.2.0 Description: The issue is related to the improper neutralization of special elements used in an operating system command, which can be...
KylinSoft kylin-software-properties OS Command Injection Vulnerability
KylinSoft kylin-software-properties is an application from KylinSoft (China). An OS command injection vulnerability exists in KylinSoft kylin-software-properties versions prior to 0.0.1-130. An attacker could exploit this vulnerability to perform OS command injection attacks...
CVE-2023-28716
CVE-2023-28716 affects mySCADA myPRO 8.26.0 and earlier. Affected component: parameter handling in myPRO, which allows an authenticated user to inject arbitrary operating system commands (OS command injection). Root cause: improper validation/handling of command-related parameters, leading to code e...
Command injection
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...
InsightCloudSec Code Injection Vulnerability
InsightCloudSec is a fully integrated cloud-native security platform from Rapid7. A security vulnerability exists in versions of InsightCloudSec prior to 23.3.21 that stems from an attacker being able to execute OS commands via a Jinja template utilizing the publicly available getattr...