OS Command Injection
git-interface is vulnerable to OS command injection. When a user uses the git clone feature, the use of the command-line argument --upload-pack with a valid directory on disk allows the destination directory to clone a repository too...
git-interface OS Command Injection Vulnerability
git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...
OS Command Injection
Jenkins Pipeline is vulnerable to OS command injection. It uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. A flaw was found in Jenkins. Th...
OS Command Injection
jenkins-2-plugins is vulnerable to OS command injection. The vulnerability exists due to a lack of sanitization for distinct SCMs for the readTrusted step allowing an attacker with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
CVE-2022-20721 Cisco IOx Application Hosting Environment Vulnerabilities
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...
CVE-2022-27188
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute ...
CVE-2022-27188
CVE-2022-27188 is a local OS command injection in Yokogawa CENTUM VP family. A local attacker who can access the affected machine could modify a file generated by Graphic Builder to execute arbitrary OS commands. Affected: CENTUM VP variants R4.01.00–R4.03.00, CENTUM VP Small/BASIC (same ranges),...
CVE-2021-22795
A CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...
CVE-2022-0999
CVE-2022-0999 affects mySCADA myPRO, versions 8.25.0 and earlier. It stems from improper neutralization of special elements used in a command (CWE-77) that allows an authenticated user to inject arbitrary operating system commands. Impacts reported include high-severity outcomes (CVE metrics show...
CVE-2021-26116
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Command injection
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
Command injection
Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and belo...
CVE-2021-26104
CVE-2021-26104 corresponds to multiple OS command injection vulnerabilities in Fortinet FortiManager (versions 6.2.7 and below, 6.4.5 and below, and all 6.2.x, 6.0.x, 5.6.x), FortiAnalyzer (same version ranges), and FortiPortal (5.2.5–5.3.5 and 6.0.4 and below). The flaws allow a local authentica...
Command injection
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
CVE-2021-24009
Multiple improper neutralization of special elements used in an OS command vulnerabilities CWE-78 in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests...
CVE-2021-24009
CVE-2021-24009 affects Fortinet FortiWAN through its Web GUI. The issue is an OS command injection (CWE-78) caused by improper neutralization of special elements in HTTP requests, allowing an authenticated attacker to execute arbitrary commands on the underlying system shell. Impact is high, with...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection...
CVE-2022-22986
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file...