OS command injection in CryptoMove Plugin
CryptoMove Plugin 0.1.33 and earlier allows the configuration of an OS command to execute as part of its build step configuration. This command will be executed on the Jenkins controller as the OS user account running Jenkins, allowing users with Job/Configure permission to execute an arbitrary OS...
GHSA-P5X5-JG3J-2JCJ OS command injection in CryptoMove Plugin
CryptoMove Plugin 0.1.33 and earlier allows the configuration of an OS command to execute as part of its build step configuration. This command will be executed on the Jenkins controller as the OS user account running Jenkins, allowing users with Job/Configure permission to execute an arbitrary OS...
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins...
CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution
A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attackers to execute arbitrary OS commands as the OS user account running Jenkins...
GHSA-H8W6-C53G-53VV Missing permission checks in Jenkins Sounds Plugin allow OS command execution
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins...
GHSA-X37X-3FW2-5QW2 CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution
A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attackers to execute arbitrary OS commands as the OS user account running Jenkins...
Treekill Enables OS Command Injection
A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Steps To Reproduce: Create the following PoC file: var kill = require('treekill'); kill('3333332 & echo "HACKED" > HACKED.txt & '); Execut...
Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection. As per the Magento Release 2.3....
GHSA-47H6-HFPV-7PHJ Magento 2 Community Edition RCE Vulnerability
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection. As per the Magento Release 2.3....
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
GHSA-HW6X-2QWV-RXR7 Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
OS Command Injection
maven-shared-utils is vulnerable to OS command injection. The vulnerability exists due to the use of double-quoted strings without proper escaping which allows an attacker to execute shell commands...
Design/Logic Flaw
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...
CVE-2022-26532
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...
Command injection
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0...
CVE-2022-1813
CVE-2022-1813 describes an OS Command Injection in the GitHub project yogeshojha/rengine before version 1.2.0. The vulnerability allows arbitrary OS commands to be executed, with network access as the attack vector and no authentication required (per NVD: AV:N/AC:L/PR:N/UI:N/S:U). Affected compon...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2021-45845
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document...
CVE-2022-31245
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs...