9814 matches found
CVE-2022-31138 OS Command Injection in mailcow
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute...
FreeBSD : Node.js -- July 7th 2022 Security Releases (b9210706-feb0-11ec-81fa-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b9210706-feb0-11ec-81fa-1c697a616631 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation wil...
CVE-2022-33923
Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may...
FortiAnalyzer & FortiManager - OS command injection vulnerability in CLI
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in FortiAnalyzer & FortiManager may allow an authenticated attacker to execute arbitrary shell code as root user via diagnose system CLI commands...
CVE-2022-33948
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product...
CVE-2022-33948
CVE-2022-33948 affects KDDI/HOME SPOT CUBE2 V102 and earlier, where an OS command injection arises from improper processing of data received from a DHCP server. An adjacent attacker on the WAN side could trigger arbitrary OS commands on affected devices. Root cause: DHCP data handling flaw leadin...
Robustel R1510 OS Command Injection Vulnerability (CNVD-2022-51425)
The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the /ajax/setsystime/...
Robustel R1510 OS Command Injection Vulnerability (CNVD-2022-51424)
Robustel R1510 is an industrial VPN router from Robustel China. Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the /ajax/remove/ API, which...
Robustel R1510 OS Command Injection Vulnerability (CNVD-2022-51422)
The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the...
CVE-2022-2253
CVE-2022-2253 affects Distributed Data Systems WebHMI 4.1.1.7662 (and possibly prior versions). It is an OS command injection (CWE-78) vulnerability caused by improper neutralization of input during web page generation, allowing a user with administrative privileges to send OS commands to execute...
CVE-2022-2253 Distributed Data Systems WebHMI OS Command Injection
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server...
CVE-2014-0156
Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute an arbitrary command...
CVE-2014-0156
CVE-2014-0156 corresponds to an OS command injection in the Ruby gem awesome_spawn (ManageIQ). The vulnerability allows an attacker to execute arbitrary commands when untrusted input is passed as command arguments to AwesomeSpawn.run, via the underlying Kernel.spawn usage. The issue affects versi...
Distributed Data Systems WebHMI
1. EXECUTIVE SUMMARY: CVSS v3 9.1. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Distributed Data Systems. Equipment: WebHMI. Vulnerabilities: Cross-site Scripting, OS Command Injection. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities...
Robustel R1510 web_server ajax endpoints OS command injection vulnerabilities
Summary: Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. Specially crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...