9813 matches found
CVE-2021-41739
The CVE-2021-41739 issue affects Artica Proxy 4.30.000000, where an OS Command Injection is possible via cyrus.events.php using the GET parameter logs and the POST parameter rp. Multiple connected sources confirm the vulnerability and describe the root cause as lack of input filtering/escaping on...
workflow-cps-global-lib: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...
Command injection
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files...
CVE-2022-27903
The CVE-2022-27903 entry describes an OS Command Injection in Eve-NG’s configuration parser affecting Eve-NG Professional up to 4.0.1-65 and Eve-NG Community up to 2.0.3-112. The vulnerability allows a remote authenticated attacker to run commands as root by editing virtualization command paramet...
RHEL 7 / 8 : OpenShift Container Platform 4.6.57 (RHSA-2022:1620)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1620 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Tenda HG6 3.3.0 Remote Command Injection Vulnerability
Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces. Tenda HG6 v3.3.0 Remote Comman...
Tenda HG6 3.3.0 Remote Command Injection
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version: 3.3.0-210926 Software version: v1.1.0 Hardware Version: v1.0 Check Version:...
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability
Summary HG6 is an intelligent routing passive optical network terminal in Tenda FTTH solution. HG6 provides 4 LAN ports1GE,3FE, a voice port to meet users' requirements for enjoying the Internet, HD IPTV and VoIP multi-service applications. Description The application suffers from an authenticate...
Yokogawa CENTUM and ProSafe-RS
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: CENTUM and ProSafe-RS Vulnerabilities: OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors 2. RISK...
D-Link DIR-823-Pro 操作系统命令注入漏洞
The D-Link DIR-823-Pro is a router from China-based AUO D-Link. The D-Link DIR-823-Pro version 1.0.2 suffers from an operating system command injection vulnerability that originates from the inclusion of a command injection vulnerability in the function SetNTPserverSeting. An attacker could explo...
CVE-2021-46422
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication...
CVE-2021-46422
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication...
CVE-2021-46422
CVE-2021-46422 affects Telesquare SDT-CW3B1 1.1.0 with an OS command injection vulnerability that allows remote command execution without authentication. The NVD entry lists a CVSS v3.1 base score of 9.8 (CRITICAL), with network access, no user interaction, and high impact to confidentiality, int...
workflow-cps: OS command execution through crafted SCM contents
A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file typically Jenkinsfile for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through craft...
CVE-2022-29078
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
CVE-2022-29078
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
Design/Logic Flaw
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
CVE-2022-29078
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
CVE-2022-29078
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
CVE-2022-29078
The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...