Lucene search

9816 matches found

Talos
added 2022/08/16 12:0 a.m. · 46 views

WWBN AVideo aVideoEncoder wget OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1548 WWBN AVideo aVideoEncoder wget OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-32572 SUMMARY An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A...

9.9 CVSS · 9 AI score · 0.22746 EPSS
Exploits: 1

Talos
added 2022/08/16 12:0 a.m. · 39 views

WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1546 WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-30534 SUMMARY An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit...

9.9 CVSS · 9 AI score · 0.74491 EPSS
Exploits: 0

Packet Storm
added 2022/08/08 12:0 a.m. · 414 views

Nortek Linear eMerge E3-Series Command Injection

Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...

0.4 AI score · 0.64832 EPSS
Exploits: 3

NVD
added 2022/08/05 10:15 p.m. · 50 views

CVE-2022-22140

An OS command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8 CVSS · 0.03589 EPSS
Exploits: 1 · References: 1

Prion
added 2022/08/05 10:15 p.m. · 18 views

Command injection

An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

7.5 CVSS · 9.7 AI score · 0.03565 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/08/05 9:11 p.m. · 10 views

CVE-2022-22140

An OS command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.6 CVSS · 9.7 AI score · 0.03589 EPSS
Exploits: 1 · References: 1

CVE
added 2022/08/05 9:11 p.m. · 92 views

CVE-2022-22140

CVE-2022-22140 is a confirmed OS command injection affecting TCL LinkHub Mesh Wi‑Fi MS1G_00_01.00_14. The vulnerability occurs in confsrv ucloud_add_node, where ProtoBuffer data is parsed and the serialNum field is passed directly to doSystemCmd, resulting in arbitrary command execution via syste...

9.8 CVSS · 9.7 AI score · 0.03589 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/08/05 9:11 p.m. · 11 views

CVE-2022-21178

An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.6 CVSS · 9.7 AI score · 0.03565 EPSS
Exploits: 1 · References: 1

CVE
added 2022/08/05 9:11 p.m. · 69 views

CVE-2022-21178

CVE-2022-21178 affects TCL LinkHub Mesh Wifi MS1G_00_01.00_14. The Talos analysis shows a command-injection in the confsrv/ucloud_add_new_node path. A Protobuffer message is sent to port 9003, parsed by ucloud_add_node_new, and the code builds a command using data from the packet (pkt->serialN...

9.8 CVSS · 9.7 AI score · 0.03565 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2022/08/05 3:25 p.m. · 89 views

CVE-2022-34769

Michlol - rashim web interface exposes an IDOR issue (CVE-2022-34769). A logged-in attacker can alter the ptMsl parameter to access another user’s data, affecting confidentiality (CVE data cites HIGH/LOW impacts). Affected component is the Michlol rashim web interface; root cause is insecure obje...

6.3 CVSS · 5.6 AI score · 0.00319 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2022/08/03 4:59 p.m. · 21 views

OS Command Injection

Heroku-env is vulnerable to OS command injection. The vulnerability is due to the function get that executes a shell command with unsanitized user input. An attacker can inject shell code using the app parameter, using the control operator & or && followed by an arbitrary command...

9.8 CVSS · 9.4 AI score · 0.0109 EPSS
Exploits: 1 · Affected Software: 1

Veracode
added 2022/08/03 5:59 a.m. · 15 views

Command Injection

curljs is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the input argument, allowing an attacker to inject a maliciously crafted OS command into the system...

9.8 CVSS · 9.2 AI score · 0.0077 EPSS
Exploits: 1 · Affected Software: 1

Veracode
added 2022/08/03 5:14 a.m. · 38 views

Command Injection

s3-kilatstorage is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the input argument, allowing an attacker to inject a maliciously crafted OS command into the system...

9.8 CVSS · 9.2 AI score · 0.00685 EPSS
Exploits: 1 · Affected Software: 1

NVD
added 2022/08/03 2:15 a.m. · 18 views

CVE-2022-27616

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

7.2 CVSS · 0.01572 EPSS
Exploits: 0 · References: 1

OSV
added 2022/08/03 2:15 a.m. · 4 views

CVE-2022-27616

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

7.2 CVSS · 6 AI score · 0.01572 EPSS
Exploits: 0 · References: 1

Prion
added 2022/08/03 2:15 a.m. · 19 views

Command injection

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

5.8 CVSS · 7.1 AI score · 0.01572 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/08/03 2:10 a.m. · 25 views

CVE-2022-27616

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

7.2 CVSS · 7.4 AI score · 0.01572 EPSS
Exploits: 0 · References: 1

CVE
added 2022/08/03 2:10 a.m. · 69 views

CVE-2022-27616

CVE-2022-27616 affects the webapi component of Synology DiskStation Manager (DSM). The issue is an OS command injection due to improper neutralization of special elements, allowing remote authenticated users to execute arbitrary commands via unspecified vectors in DSM builds prior to 7.0.1-42218-...

7.2 CVSS · 7.2 AI score · 0.01572 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/08/03 12:0 a.m. · 3 views

PT-2022-18521 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 7.0.1-42218-3 Description: The issue is related to improper neutralization of special elements used in an OS command, also known as 'OS Command Injection'. This allows remote authenticated...

7.2 CVSS · 7.5 AI score · 0.01572 EPSS
Exploits: 0 · References: 5

Talos
added 2022/08/01 12:0 a.m. · 32 views

TCL LinkHub Mesh Wifi confsrv ucloud_add_node_new OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1457 TCL LinkHub Mesh Wifi confsrv ucloud_add_node_new OS command injection vulnerability August 1, 2022 CVE Number CVE-2022-21178 SUMMARY An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi...

9.8 CVSS · 9.8 AI score · 0.03565 EPSS
Exploits: 1