28 matches found
EUVD-2020-17430
Malware in sbrugna...
CVE-2024-50367
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
CVE-2024-50367
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
CVE-2024-50362
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
CVE-2024-50360
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...
Command injection
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
CVE-2023-25759
The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...
D-Link DNR-322L Command Injection Vulnerability
The D-Link DNR-322L is a surveillance memory from D-Link. A command injection vulnerability exists in D-Link DNR-322L version 2.60B15 and earlier, which stems from a data integrity failure in the backup configuration and can be exploited by an authenticated attacker to execute OS-level commands o...
Command injection
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...
CVE-2022-40799
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...
CVE-2021-37531
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...
Design/Logic Flaw
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...
CVE-2021-37531
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be...
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...
Command injection
Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...
Semrush: Persistent CSV injection
Hi Team, https://www.semrush.com/notes is vulnerable to persistent csv injection stored csv injection POC: 1 Login into application and open https://www.semrush.com/notes 2 click on "Add note" button 3 And enter csv injection payloads like =4+4, =HYPERLINK"http://evil.com", "EVIL" and click on sa...
Command Injection in git-dummy-commit
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...
CVE-2018-3785
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter...