
459 matches found

Cvelist
added 2023/04/18 8:34 p.m. · 19 views

CVE-2023-25554

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...

CVSS 7.8 · AI score 8.1 · EPSS 0.00609
Exploits: 0 · References: 1

CNNVD
added 2023/03/21 12:0 a.m. · 8 views

InsightCloudSec Code Injection Vulnerability

InsightCloudSec is a fully integrated cloud-native security platform from InsightCloudSec. A security vulnerability exists in versions of InsightCloudSec prior to 23.3.21 that stems from an attacker being able to execute OS commands via a Jinja template utilizing the publicly available getattr...

CVSS 8.8 · AI score 8 · EPSS 0.01079
Exploits: 1 · References: 3

BDU FSTEC
added 2023/03/15 12:0 a.m. · 5 views

The vulnerability of FortiWeb web applications’ network firewalls stems from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of FortiWeb web applications’ network firewalls is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted...

CVSS 9 · AI score 8 · EPSS 0.01755
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2023/03/13 12:0 a.m. · 23 views

Fortinet FortiWeb OS Command Injection Vulnerability (CNVD-2023-18291)

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. An operating system command injection...

CVSS 8.8 · AI score 9.3 · EPSS 0.01755
Exploits: 0 · References: 1

CVE
added 2023/02/14 3:17 a.m. · 63 views

CVE-2023-24523

Summary: CVE-2023-24523 affects SAP Host Agent (Start Service) version 7.21 and 7.22. A non-admin user with local access can trigger ConfigureOutsideDiscovery to execute an OS command with administrator privileges, enabling read/modify of any user or system data and potentially making the system ...

CVSS 8.8 · AI score 8.2 · EPSS 0.00185
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/02/14 12:0 a.m. · 6 views

PT-2023-1391 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions 7.9.2 and prior Description: A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow a user that knows the credentials t...

CVSS 8.1 · AI score 8.2 · EPSS 0.0085
Exploits: 0 · References: 7

OSV
added 2023/01/26 10:15 p.m. · 5 views

CVE-2022-42491

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is...

CVSS 9.8 · AI score 5.9 · EPSS 0.03233
Exploits: 0 · References: 2

hivepro
added 2023/01/23 3:53 a.m. · 17 views

Control Web Panel OS Command Injection Exploitation Increases After POC Release

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary On January 3, 2023, a security researcher published a proof-of-concept exploit for a vulnerability in Control Web Panel CWP that allows unauthenticated remote code execution. By January 6, the...

AI score 4.9
Exploits: 0

OSV
added 2023/01/17 5:15 p.m. · 4 views

CVE-2022-3091

RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system OS commands...

CVSS 7.5 · AI score 5.9 · EPSS 0.00629
Exploits: 0 · References: 1

Japan Vulnerability Notes
added 2023/01/12 5:50 a.m. · 3 views

Multiple vulnerabilities in PIXELA PIX-RT100

Overview: PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below: OS command injection (CWE-78) - CVE-2023-22304; Backdoor access issue (CWE-912) - CVE-2023-22316. MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the develop...

CVSS 8.8 · AI score 7.8 · EPSS 0.00893
Exploits: 0 · References: 8

OSV
added 2023/01/11 2:15 a.m. · 4 views

CVE-2022-48252

The jokob-sk/Pi.Alert fork before 22.12.20 of Pi.Alert allows Remote Code Execution via nmapscan.php scan parameter OS Command Injection...

CVSS 9.8 · AI score 5.9 · EPSS 0.02724
Exploits: 1 · References: 1

CNNVD
added 2023/01/11 12:0 a.m. · 3 views

MAHO-PBX NetDevancer series OS Command Injection Vulnerability

The MAHO-PBX NetDevancer series is an IP-PBX system from MAHO-PBX Japan. A security vulnerability exists in the MAHO-PBX NetDevancer, which is caused by an operating system command injection in the Management screen, and can be exploited by a remote attacker to execute arbitrary operating system...

CVSS 9.8 · AI score 8.9 · EPSS 0.01127
Exploits: 0 · References: 4

Japan Vulnerability Notes
added 2022/12/02 5:57 a.m. · 4 views

Multiple vulnerabilities in UNIMO Technology digital video recorders

Overview: Multiple digital video recorders provided by UNIMO Technology Co., Ltd contain multiple vulnerabilities listed below: Improper Authentication (CWE-287) - CVE-2022-44620; OS Command Injection (CWE-78) - CVE-2022-44606; Hidden Functionality (CWE-912) - CVE-2022-43464. The reporter states that attac...

CVSS 8.8 · AI score 7.8 · EPSS 0.0147
Exploits: 0 · References: 11

ICS
added 2022/11/15 12:0 a.m. · 61 views

Mitsubishi Electric GT SoftGOT2000

1. EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Mitsubishi Electric Corporation; Equipment: GT SoftGOT2000; Vulnerability: Operating System (OS) Command Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to...

CVSS 10 · AI score 9.8 · EPSS 0.95764
Exploits: 1 · References: 4

CNNVD
added 2022/11/03 12:0 a.m. · 5 views

IBM InfoSphere Information Server OS Command Injection Vulnerability

IBM InfoSphere Information Server is a data integration platform from International Business Machines IBM, Inc. IBM InfoSphere Information Server version 11.7 contains an operating system command injection vulnerability that can be exploited by a locally authenticated attacker to execute arbitrar...

CVSS 7.8 · AI score 7.8 · EPSS 0.00564
Exploits: 0 · References: 2

Veracode
added 2022/10/14 9:35 a.m. · 29 views

Command Injection

kylin is vulnerable to command injection. The vulnerability exists when overwriting system parameters in the configuration overwrites menu which allows an attacker to send a specially crafted request using the value parameter and inject any operating system command into the system...

CVSS 9.8 · AI score 9.1 · EPSS 0.84777
Exploits: 0 · References: 4 · Affected Software: 4

OSV
added 2022/10/13 1:15 p.m. · 22 views

CVE-2022-24697

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 9.8 · AI score 7.1
Exploits: 0 · References: 2

CNNVD
added 2022/09/20 12:0 a.m. · 3 views

Aruba Networks ClearPass Policy Manager OS Command Injection Vulnerability

Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. An operating system command injection vulnerability exists in Aruba Networks ClearPass Policy Manager versions 6.10.6 and earlier, 6.9.11 and earlier,...

CVSS 7.2 · AI score 7.4 · EPSS 0.01307
Exploits: 0 · References: 2

CNVD
added 2022/09/19 12:0 a.m. · 40 views

D-Link DIR-2150 OS Command Injection Vulnerability (CNVD-2023-21660)

The D-Link DIR-2150 is a wireless router device from D-Link. The D-Link DIR-2150 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute code in the context of a service account...

CVSS 8.8 · AI score 9 · EPSS 0.0087
Exploits: 0 · References: 1

OSV
added 2022/09/13 9:15 p.m. · 3 views

CVE-2022-39815

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. This vulnerability allows unauthenticated users to execute commands on the operating system...

CVSS 9.8 · AI score 5.9 · EPSS 0.02079
Exploits: 0 · References: 1