457 matches found
CVE-2022-33923
Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may...
Robustel R1510 OS Command Injection Vulnerability (CNVD-2022-51429)
The Robustel R1510 is an industrial VPN router from Robustel China.The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the...
Robustel R1510 操作系统命令注入漏洞
The Robustel R1510 is an industrial VPN router from Robustel China.The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the /ajax/setsystime/...
Robustel R1510 操作系统命令注入漏洞
The Robustel R1510 is an industrial VPN router from Robustel China.The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the...
Festo Controller CECC-X-M1 操作系统命令注入漏洞
The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...
CVE-2022-1986
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...
GHSA-GWP3-F7MR-QPFV OS Command Injection in s3-uploader
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...
GHSA-J472-MCQ2-95P6 OS Command Injection in Jenkins
Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...
CVE-2022-26518
An OS command injection vulnerability exists in the console infactorynet functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26420
An OS command injection vulnerability exists in the console infactoryport functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
Tenda AC15 操作系统命令注入漏洞
The Tenda AC15 is a wireless router from Tenda China. Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin device web suffers from an operating system command injection vulnerability, which stems from a command injection vulnerability in the /goform/setsambacfg interface, which can also be coupled...
DEBIAN-CVE-2022-29078
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
UBUNTU-CVE-2022-29078
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
Command injection in git-interface
A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of an --upload-pack command-line argument feature of git is also supported for git...
Command injection
Command Injection vulnerability in email protected in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating system...
CVE-2022-1440 Command Injection vulnerability in [email protected] in yarkeev/git-interface
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...
ManageEngine ADSelfService Plus Custom Script Execution
This module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin"...
CVE-2022-24796
RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution RCE vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...
Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection
Overview Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability CWE-78, CVE-2022-22986. Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT Eas...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...