9814 matches found

Prion
added 2022/05/20 3:15 p.m. | 14 views

Design/Logic Flaw

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs...

CVSS 9 | AI score 8.6 | EPSS 0.05162
Exploits 3 | References 2

ATTACKERKB
added 2022/05/20 12:15 p.m. | 4 views

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVSS 5.4 | AI score 6.1 | EPSS 0.00653
Exploits 1 | References 2

Prion
added 2022/05/20 12:15 p.m. | 16 views

Design/Logic Flaw

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVSS 3.5 | AI score 5.1 | EPSS 0.00653
Exploits 1 | References 1 | Affected Software 1

CNVD
added 2022/05/20 12:0 a.m. | 19 views

InHand Networks InRouter302 OS Command Injection Vulnerability (CNVD-2022-59176)

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.4 has an operating system command injection vulnerability that could be exploited by an attacker to execute arbitrary commands with the help of specially crafted network...

CVSS 9.9 | AI score 5.2 | EPSS 0.12653
Exploits 1 | References 1

Saint
added 2022/05/20 12:0 a.m. | 145 views

Zyxel Firewall SetWanPortSt command injection

Added: 05/20/2022. Background: Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem: Zyxel USG FLEX, ATP series, and VPN series firewalls are affected by a vulnerability in the SetWanPortSt command which could allow an attacker to inject arbitrar...

AI score 7.3
Exploits 0

CVE
added 2022/05/18 3:52 p.m. | 69 views

CVE-2022-30105

CVE-2022-30105 concerns Belkin N300 firmware 1.00.08. The vulnerability exists in the script at /setting_hidden.asp (accessible before and after configuration) where multiple form parameters are not properly sanitized after a POST to the web interface, enabling remote command injection with root ...

CVSS 10 | AI score 9.7 | EPSS 0.02766
Exploits 1 | References 1 | Affected Software 1

NVD
added 2022/05/18 3:15 p.m. | 14 views

CVE-2022-29516

The web console of FUJITSU Network IPCOM series IPCOM EX2 IN3200, 3500, IPCOM EX2 LB1100, 3200, 3500, IPCOM EX2 SC1100, 3200, 3500, IPCOM EX2 NW1100, 3200, 3500, IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN2300, 2500, 2700, IPCOM EX LB1100, 1300, 2300, 2500, 2700, IPCOM EX SC1100, 1300, 2300, 2500,...

CVSS 10 | EPSS 0.0195
Exploits 0 | References 2

Prion
added 2022/05/18 3:15 p.m. | 24 views

Command injection

The web console of FUJITSU Network IPCOM series IPCOM EX2 IN3200, 3500, IPCOM EX2 LB1100, 3200, 3500, IPCOM EX2 SC1100, 3200, 3500, IPCOM EX2 NW1100, 3200, 3500, IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN2300, 2500, 2700, IPCOM EX LB1100, 1300, 2300, 2500, 2700, IPCOM EX SC1100, 1300, 2300, 2500,...

CVSS 10 | AI score 9.5 | EPSS 0.0195
Exploits 0 | References 2 | Affected Software 46

CVE
added 2022/05/18 9:50 a.m. | 84 views

CVE-2022-29516

CVE-2022-29516 affects FUJITSU Network IPCOM EX2/VE2/VA2/VE1 series where the web console allows a remote attacker to inject and execute arbitrary OS commands due to improper input validation in the web management interface. Affected products include IPCOM EX2 (various models: IN, LB, SC, NW, DC)...

CVSS 10 | AI score 9.5 | EPSS 0.0195
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2022/05/17 8:17 p.m. | 5 views

CVE-2022-1360 Cambium Networks cnMaestro OS Command Injection

The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings...

CVSS 8.2 | AI score 7.1 | EPSS 0.01671
Exploits 0 | References 1

Cvelist
added 2022/05/17 8:10 p.m. | 29 views

CVE-2022-1357 Cambium Networks cnMaestro OS Command Injection

The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command...

CVSS 9.8 | AI score 9.8 | EPSS 0.01583
Exploits 0 | References 1

GitHub Security Blog
added 2022/05/17 1:36 a.m. | 23 views

Karteek Docsplit vulnerable to OS Command Injection

The extractfromocr function in lib/docsplit/textextractor.rb in the Karteek Docsplit karteek-docsplit gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...

CVSS 9.3 | AI score 7 | EPSS 0.01793
Exploits 3 | References 6 | Affected Software 1

OSV
added 2022/05/17 1:36 a.m. | 11 views

GHSA-4FVG-PWV7-V54G Karteek Docsplit vulnerable to OS Command Injection

The extractfromocr function in lib/docsplit/textextractor.rb in the Karteek Docsplit karteek-docsplit gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...

CVSS 9.3 | AI score 7.1 | EPSS 0.01793
Exploits 3 | References 5

0day.today
added 2022/05/17 12:0 a.m. | 247 views

SolarView Compact 6.0 - OS Command Injection Vulnerability

Exploit Title: SolarView Compact 6.0 - OS Command Injection Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST /confmail.php HTTP/1.1...

CVSS 9.8 | AI score 9.6 | EPSS 0.99922
Exploits 6

Packet Storm
added 2022/05/17 12:0 a.m. | 239 views

SolarView Compact 6.0 Command Injection

Exploit Title: SolarView Compact 6.0 - OS Command Injection Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST...

AI score 0.4 | EPSS 0.99922
Exploits 6

Exploit DB
added 2022/05/17 12:0 a.m. | 253 views

SolarView Compact 6.0 - OS Command Injection

Exploit Title: SolarView Compact 6.0 - OS Command Injection Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST...

CVSS 10 | AI score 9.6 | EPSS 0.99922
Exploits 6

Exploit DB
added 2022/05/17 12:0 a.m. | 362 views

SDT-CW3B1 1.1.0 - OS Command Injection

Exploit Title: SDT-CW3B1 1.1.0 - OS command injection Date: 2022-05-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No CVE : CVE-2021-46422 Tested on: Windows HTTP Request GET...

CVSS 10 | AI score 9.6 | EPSS 0.9475
Exploits 20

GitLab Advisory Database
added 2022/05/17 12:0 a.m. | 18 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

CVSS 9 | AI score 7.2 | EPSS 0.02145
Exploits 0 | References 9 | Affected Software 1

Packet Storm
added 2022/05/17 12:0 a.m. | 242 views

SDT-CW3B1 1.1.0 Command Injection

Exploit Title: SDT-CW3B1 1.1.0 - OS command injection Date: 2022-05-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No CVE : CVE-2021-46422 Tested on: Windows HTTP Request GET...

CVSS 10 | AI score 9.6 | EPSS 0.9475
Exploits 20

SonicWall
added 2022/05/16 9:21 p.m. | 12 views

SMA100 post-authentication Remote Command Execution vulnerability

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Command as a 'root' user which potentially leads to remote command execution vulnerability or denial of service DoS attack. IMPORTANT: SMA 100...

CVSS 6.7 | AI score 6.9 | EPSS 0.1111
Exploits 0