9814 matches found
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
#!/usr/bin/python3 Exploit Title: Telesquare SDT-CW3B1 1.1.0 - OS Command Injection Date: 24th May 2022 Exploit Author: Bryan Leong Vendor Homepage: http://telesquare.co.kr/ CVE : CVE-2021-46422 Authentication Required: No import requests import argparse import sys from xml.etree import ElementTre...
OS Command Injection in gogs
Impact: A malicious user is able to upload a crafted config file into a repository's .git directory to gain SSH access to the server. All Windows installations with repository upload enabled (default) are affected. Patches: Repository file uploads are prohibited to its .git directory. Users shou...
CVE-2021-34078
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file...
Command injection
A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged-in administrators to execute arbitrary OS commands as root on the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...
Command injection
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file...
Command injection
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest and the createCert functions...
lifion-verify-dependencies OS Command Injection Vulnerability
lifion-verify-dependencies is lifion's way of checking that the installed NPM module is the latest version currently available. A security vulnerability exists in lifion-verify-dependencies version 1.1.0, which can be exploited by an attacker to execute remote code...
Docker-Tester OS Command Injection Vulnerability
Docker-Tester uses docker-compose files to set up test environments and verify them before running tests. A security vulnerability exists in version 1.2.1 of Docker-Tester, which can be exploited by an attacker to maliciously execute operating system commands...
gitsome OS Command Injection Vulnerability
npm bbultman gitsome is a small library from npm, USA. It can help make decisions based on the data available in a git repository. A security vulnerability exists in gitsome version 0.2.3, which stems from the fact that an attacker controlling the tagged name of the target git repository may...
CVE-2021-34078
CVE-2021-34078 affects lifion-verify-dependencies up to version 1.1.0, enabling an OS command injection via a crafted dependency name in a project’s package.json. Multiple connected sources (Red Hat, Veracode, GitHub advisories, CVE/CVE lists) corroborate the vulnerability and its impact (high se...
CVE-2021-34079
CVE-2021-34079 affects Mintzo Docker-Tester up to version 1.2.1. The Red Hat, Veracode, GitHub advisories and CVE records describe an OS command injection vulnerability in the docker-tester tooling, exploitable via shell metacharacters in the ports entry of a crafted docker-compose.yml file. The ...
CVE-2021-34080
CVE-2021-34080 describes an OS Command Injection in es128 ssl-utils 1.0.0 for Node.js, where unsanitized shell metacharacters supplied to createCertRequest() and createCert() enable arbitrary command execution. The provided connected documents (Red Hat, Veracode, GitHub advisory GHSA-552J-PV39-F3...
CVE-2021-34081
CVE-2021-34081 affects bbultman gitsome up to version 0.2.3. The issue is an OS command injection where an attacker can craft a tag name for a target git repository to execute arbitrary commands. NVD lists high/critical impact (CVSSv3.1 base score 8.8) with network attack vector, no privileges, u...
CVE-2021-34082
CVE-2021-34082 describes an OS command injection in the Node.js package proctree (versions up to 0.1.1 and the specific commit 0ac10ae575459457838f14e21d5996f2fa5c7593) where the vulnerable path is the getProcessTree/fix workflow. The root cause, per connected sources, is lack of sanitization of ...
CVE-2021-34084
CVE-2021-34084 is an OS command injection vulnerability affecting Turistforeningen node-s3-uploader up to version 2.0.3 for Node.js. The issue arises in the getMetadata/metadata() flow where untrusted input can be used to construct OS commands, enabling an attacker to execute arbitrary commands o...
OS Command Injection
Description: An OS Command Injection in the Rancher continuous delivery panel, add repository function. Proof of Concept: First install Rancher in Docker and log in. Go to the continuous delivery panel and click the add repository button. Set the repository URL to --upload-pack=$touch /tmp/poc, and click Create...
OS Command Injection in file editor
Description: Deploy and run gogs. Proof of Concept: 1. Create a repository and upload a file named config to the repository repo6. The content of the file is as follows: xml core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true ignorecase = true precomposeunicode =...
Exploit for OS Command Injection in Siemens Brownfield_Connectivity_Gateway
PoC exploit for CVE-2022-1292, an OpenSSL c_rehash vulnerability...