9813 matches found
JVN#72801744: UNIVERGE WA Series vulnerable to OS command injection
Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability CWE-78. Impact If an attacker who can access the product sends specific character strings or a special...
NEC UNIVERGE WA Operating System Command Injection Vulnerability
The NEC UNIVERGE WA is a series of wireless VPN routers from NEC Corporation of Japan. The NEC UNIVERGE WA suffers from an operating system command injection vulnerability that arises from a network system or product that does not properly filter special characters, commands, etc. from externally...
OS Command Injection
freecad is vulnerable to OS command injection. An attacker is able to exploit the vulnerability and execute arbitrary commands via a crafted FCStd document...
TP-Link Archer C2 OS Command Injection Vulnerability
TP-Link Archer C2 is a wireless router from TP-Link. TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device's HTTP parameter XTP ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which...
OS Command Injection
genieacs is vulnerable to OS command injection. An attacker is able to inject malicious OS commands via the ping host argument of lib/ui/api.ts and lib/ping.ts because it does not escape the argument and does not properly perform an authorization check...
OS Command Injection in GenieACS
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
GHSA-2877-693Q-PJ33 OS Command Injection in GenieACS
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
Command injection
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2021-46704
CVE-2021-46704 – GenieACS : In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The root cause is insufficient input validation combined with a missing authorization check. This can...
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2021-44827
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the XTPExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges...
CVE-2021-44827
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices via the XTPExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges...
CVE-2022-0848 OS Command Injection in part-db/part-db
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11...
CVE-2022-0848
Summary (CVE-2022-0848): part-db/part-db prior to 0.5.11 is vulnerable to an OS Command Injection via unrestricted file upload, enabling remote code execution on the affected web server. Multiple sources document an RCE exploit and practical PoCs (e.g., packetstorm/huntr/exploit-db) that leverage...
OS Command Injection
npm-lockfile is vulnerable to OS command injection. An attacker is able to inject malicious OS commands that reach a sensitive command execution API...
OS Command injection in npm-lockfile
npm-lockfile safely generates an npm lockfile and outputs it to the filename of your choice. npm-lockfile before 2.0.4 does not sanitize unsafe external input and invokes a sensitive command execution API with the input, causing a command injection vulnerability. A fix was released in version 2.0.5...
Backdoor.Win32.RemoteNC.beta4 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteNC.beta4 Vulnerability: Unauthenticated Remote Command Execution Description: T...
Command injection
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...