JVN#17625382: Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001
Nintendo Wi-Fi Network Adaptor provided by Nintendo Co., Ltd. contains multiple vulnerabilities listed below.

OS command injection CWE-78 - CVE-2022-36381

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8
CVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | ...
The vulnerability of the `import_sdk_file()` function implementation in the microprogramming software for VPN routers of the Robustel R1510 allows a hacker to execute arbitrary commands.
The vulnerability of the `import_sdk_file()` function in the Microprogramming Software for VPN Routers of Robustel R1510 relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrar...
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
Exploit Title: Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 - Remote Code Execution Exploit Author: LiquidWorm SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com...
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
Command injection
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
CVE-2022-22684
CVE-2022-22684 affects Synology DiskStation Manager (DSM) prior to 6.2.4-25553, in the task management component, due to improper neutralization of certain OS command elements. This OS Command Injection allows remote authenticated users to execute arbitrary commands via unspecified vectors. Remed...
CVE-2022-2550
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5...
CVE-2022-2550
CVE-2022-2550: OS Command Injection in the GitHub repository hestiacp/hestiacp prior to 1.6.5. The Red Hat/NVD/CVE records, Huntr advisory, and PT-Security note describe an OS command injection vulnerability in the HestiaCP project, stemming from the DokuWiki installation flow (DokuWikiSetup.php...
CVE-2022-23100
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment)...
CVE-2022-24405
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API...
Command injection
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API...
CVE-2022-24405
OX App Suite (Open-Xchange) vulnerable through 7.10.6: OS command injection via a serialized Java class in the Documentconverter API. Affected versions are 7.10.6 and earlier; exploitation occurs when a Java-serialized object is processed by the documentconverter endpoint, enabling command execut...
CVE-2022-23100
CVE-2022-23100 affects Open-Xchange OX App Suite up to version 7.10.6, where the vulnerability exists in the Documentconverter component allowing OS command injection. An authenticated OX App Suite user can trigger a document conversion (e.g., via an email attachment or OX Drive content) and exec...
PT-2022-16675 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows OS Command Injection via a serialized Java class to the "Documentconverter API" endpoint. This enables potential attackers to execute system commands. No information is...
ffmpeg-sdk vulnerable to OS Command Injection
A command injection vulnerability affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js...