
457 matches found

OSV
added 2022/07/21 4:15 a.m., 6 views

CVE-2022-33923

Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may...

CVSS 7.8, AI score 6, EPSS 0.0038
Exploits: 0, References: 1
CNVD
added 2022/07/04 12:0 a.m., 20 views

Robustel R1510 OS Command Injection Vulnerability (CNVD-2022-51429)

The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the...

CVSS 9.8, AI score 5.1, EPSS 0.04251
Exploits: 1, References: 1
CNNVD
added 2022/06/30 12:0 a.m., 5 views

Robustel R1510 OS Command Injection Vulnerability

The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the /ajax/setsystime/...

CVSS 9.8, AI score 6, EPSS 0.04251
Exploits: 1, References: 4
CNNVD
added 2022/06/30 12:0 a.m., 6 views

Robustel R1510 OS Command Injection Vulnerability

The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the...

CVSS 9.8, AI score 6.1, EPSS 0.04251
Exploits: 1, References: 4
CNNVD
added 2022/06/13 12:0 a.m., 5 views

Festo Controller CECC-X-M1 OS Command Injection Vulnerability

The Festo Controller CECC-X-M1 is a series of controller devices from Festo, Germany. An operating system command injection vulnerability exists in the Festo Controller CECC-X-M1. An attacker could use this vulnerability to execute system commands with root privileges...

CVSS 10, AI score 8.7, EPSS 0.02779
Exploits: 0, References: 2
ATTACKERKB
added 2022/06/09 5:15 p.m., 3 views

CVE-2022-1986

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9...

CVSS 10, AI score 7.3, EPSS 0.04483
Exploits: 1, References: 3
OSV
added 2022/06/03 12:0 a.m., 4 views

GHSA-GWP3-F7MR-QPFV OS Command Injection in s3-uploader

OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...

CVSS 10, AI score 6.1, EPSS 0.02979
Exploits: 1, References: 3
OSV
added 2022/05/14 1:4 a.m., 4 views

GHSA-J472-MCQ2-95P6 OS Command Injection in Jenkins

Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...

CVSS 8.8, AI score 7.5, EPSS 0.0261
Exploits: 0, References: 5
OSV
added 2022/05/12 5:15 p.m., 2 views

CVE-2022-26518

An OS command injection vulnerability exists in the console infactorynet functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 8.8, AI score 7.6
Exploits: 0, References: 2
OSV
added 2022/05/12 5:15 p.m., 3 views

CVE-2022-26420

An OS command injection vulnerability exists in the console infactoryport functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 8.8, AI score 7.6, EPSS 0.05762
Exploits: 1, References: 2
CNNVD
added 2022/05/04 12:0 a.m., 7 views

Tenda AC15 OS Command Injection Vulnerability

The Tenda AC15 is a wireless router from Tenda China. Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin device web suffers from an operating system command injection vulnerability, which stems from a command injection vulnerability in the /goform/setsambacfg interface, which can also be coupled...

CVSS 9.8, AI score 8.3, EPSS 0.2197
Exploits: 1, References: 2
OSV
added 2022/04/25 3:15 p.m., 2 views

DEBIAN-CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template...

CVSS 9.8, AI score 7.1, EPSS 0.32386
Exploits: 5, References: 1
OSV
added 2022/04/25 3:15 p.m., 1 views

UBUNTU-CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template...

CVSS 9.8, AI score 6.8, EPSS 0.32386
Exploits: 5, References: 4
Github Security Blog
added 2022/04/23 12:3 a.m., 28 views

Command injection in git-interface

A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of an --upload-pack command-line argument feature of git is also supported for git...

CVSS 10, AI score 3.2, EPSS 0.03816
Exploits: 1, References: 4, Affected Software: 1
Prion
added 2022/04/22 6:15 p.m., 20 views

Command injection

Command Injection vulnerability in email protected in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating system...

CVSS 10, AI score 9.8, EPSS 0.03816
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2022/04/22 5:30 p.m., 23 views

CVE-2022-1440 Command Injection vulnerability in [email protected] in yarkeev/git-interface

Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...

CVSS 9.8, AI score 9.7, EPSS 0.03816
Exploits: 1, References: 4
Metasploit
added 2022/04/21 5:42 p.m., 439 views

ManageEngine ADSelfService Plus Custom Script Execution

This module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin"...

CVSS 7.1, AI score 7.5, EPSS 0.70419
Exploits: 4
NVD
added 2022/03/31 11:15 p.m., 23 views

CVE-2022-24796

RaspberryMatic is a free and open-source operating system for running a cloud-free smart-home using the homematicIP / HomeMatic hardware line of IoT devices. A Remote Code Execution (RCE) vulnerability in the file upload facility of the WebUI interface of RaspberryMatic exists. Missing input...

CVSS 10, EPSS 0.03517
Exploits: 0, References: 2
Japan Vulnerability Notes
added 2022/03/23 3:8 a.m., 4 views

Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection

Overview: Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986). Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT Eas...

CVSS 8.8, AI score 7.5, EPSS 0.00709
Exploits: 0, References: 6
RedHat Linux
added 2022/02/25 1:4 a.m., 4 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS 8.8, AI score 5.9, EPSS 0.02277
Exploits: 0, References: 5