9814 matches found
CVE-2021-35531
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
Input validation
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
CVE-2021-35531
CVE-2021-35531 applies to Hitachi Energy TXpert Hub CoreTec 4. Affected versions: 2.0.0–2.2.1. Root cause: Improper Input Validation in a particular configuration setting field. Attack scenario: an attacker with access to an authorized user with ADMIN or ENGINEER rights can inject an OS command t...
CVE-2021-35531 Remote Code Execution in TXpert Hub CoreTec 4
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects:...
Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass Vulnerability
======================================================================= title: Multiple Critical Vulnerabilities product: Poly EagleEye Director II vulnerable version: 2.2.1.1 Jul 1, 2021 fixed version: 2.2.2.1 or higher CVE number: CVE-2022-26479, CVE-2022-26482 impact: critical homepage:...
OS Command Injection
es128 ssl-utils is vulnerable to OS command injection. The vulnerability exists in the createCertRequest and createCert functions in generate.js because user inputs are not properly sanitized, which allows an attacker to inject and execute arbitrary commands...
OS Command Injection
docker-tester is vulnerable to OS command injection. The vulnerability exists in the port attribute in the getExternalPort function of docker-compose.js, allowing an attacker to inject and execute malicious commands through the docker-compose.yml by providing shell meta characters...
Carrier LenelS2 HID Mercury access panels OS command injection vulnerability
Carrier LenelS2 HID Mercury access panels are controller panels from Carrier, U.S.A. An operating system command injection vulnerability exists in Carrier LenelS2 HID Mercury access panels, which could be exploited by an attacker to pass specially crafted data to an application and execute...
CVE-2022-1703
CVE-2022-1703 affects the SonicWall SSL-VPN SMA100 series, specifically the management interface. The issue is an improper neutralization of special elements in the interface, enabling a remote authenticated attacker to inject OS commands and potentially achieve remote command execution or cause ...
OS Command Injection
gitsome is vulnerable to OS command injection. The vulnerability exists when initializing an unsupported git repository, which allows an attacker to inject and execute arbitrary commands via crafted tag names of the repository...
OS Command Injection
lifion-verify-deps is vulnerable to OS command injection. An attacker can inject and execute malicious commands through the getLatestVersions and getLatestTag functions of index.js by providing a maliciously crafted dependency name to the package.json...
GHSA-CV76-RV4H-4MQC OS Command Injection in proctree
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function...
OS Command Injection in proctree
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function...
GHSA-RPHM-C8GW-3R38 OS Command Injection in lifion-verify-deps
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file...
GHSA-RJ88-4777-828H Command injection in docker-tester
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file...
Command injection in docker-tester
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file...
OS Command injection in ssl-utils
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest and the createCert functions...
OS Command Injection in lifion-verify-deps
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file...
Telesquare SDT-CW3B1 1.1.0 Command Injection
#!/usr/bin/python3 Exploit Title: Telesquare SDT-CW3B1 1.1.0 - OS Command Injection Date: 24th May 2022 Exploit Author: Bryan Leong Vendor Homepage: http://telesquare.co.kr/ CVE : CVE-2021-46422 Authentication Required: No import requests import argparse import sys from xml.etree import ElementTre...
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection Exploit
#!/usr/bin/python3 Exploit Title: Telesquare SDT-CW3B1 1.1.0 - OS Command Injection Date: 24th May 2022 Exploit Author: Bryan Leong Vendor Homepage: http://telesquare.co.kr/ CVE : CVE-2021-46422 Authentication Required: No import requests import argparse import sys from xml.etree import ElementTre...