9813 matches found
CVE-2022-22951
VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may b...
CVE-2021-27476
The CVE-2021-27476 issue affects Rockwell Automation FactoryTalk AssetCentre (v10.00 and earlier) with a flaw in the SaveConfigFile function of the RACompare Service that may allow an unauthenticated remote attacker to inject and execute OS commands. Impact is described as arbitrary command execu...
CVE-2021-27476 Rockwell Automation FactoryTalk AssetCentre OS Command Injection
A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier...
VMware Carbon Black App Control OS Command Injection Vulnerability
VMware Carbon Black App Control is an application control product from VMware USA. It is used to lock down servers and critical systems to prevent unwanted changes. VMware Carbon Black App Control suffers from an operating system command injection vulnerability that originates from improper input...
VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)
3a. OS command injection vulnerability in VMware Carbon Black App Control CVE-2022-22951 VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1. 3b...
RHEL 7 / 8 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Exploit for Improper Access Control in Webmin
CVE-2022-0824 !Docker https://github.com/cryst4lliz3/CVE-2...
Pascom Cloud Phone System OS Command Injection Vulnerability
Pascom Cloud Phone System is a cloud phone system from Pascom. An operating system command injection vulnerability exists in Pascom Cloud Phone System, which stems from the failure of /services/apply in exd.pl to properly filter the special elements of the construct snippet, which can be exploite...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run...
CVE-2021-23632
All versions of package git are vulnerable to Remote Code Execution RCE due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Git =...
CVE-2021-23632
CVE-2021-23632 affects all versions of the npm package git. The root cause is missing sanitization in the Git.git method, allowing input to execute OS commands rather than just git commands, enabling Remote Code Execution. The provided PoC demonstrates injecting commands via repo.git(input) to ru...
CVE-2022-22273
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access SRA products and older firmware versions of Secure Mobile Access SMA 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier...
CVE-2022-22273
CVE-2022-22273 describes an OS Command Injection in end-of-life SonicWall SRA appliances and SMA 100 series firmware (SRA 8.x and SMA 9.0.0.5-19sv / 9.0.0.9-26sv and earlier). Root cause: improper neutralization of special elements. Impact: post-auth access leading to command execution with high ...
CVE-2022-25621
CVE-2022-25621 affects NEC UNIVERGE WA Series (e.g., WA 1020/1510/1511/1512/2020/2021 and AP variants) with an OS command injection vulnerability in the product’s remote/local maintenance consoles. Root cause: improper handling of input in the OS command construction allows a remote attacker to e...
Exploit for OS Command Injection in Part-Db_Project Part-Db
CVE-2022-0848 Remo...
UNIVERGE WA Series vulnerable to OS command injection
Overview UNIVERGE WA Series provided by NEC Platforms, Ltd. contains an OS command injection vulnerability. Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection...