9813 matches found
CVE-2022-0841
CVE-2022-0841 concerns OS command injection in ljharb/npm-lockfile (GitHub: npm-lockfile) for versions 2.0.3 and 2.0.4. The Red Hat entry notes a flaw where npm-lockfile v2 did not sanitize the only parameter before invoking a sensitive command execution API, enabling command injection. Other sou...
Code Injection
Description: The attacker can execute commands on the target OS by setting PL_TRAINER_GPUS when using the Trainer module. Proof of Concept: bash $ pip3 install pytorch-lightning python import os from pytorch_lightning import Trainer from...
CVE-2022-22301
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...
CVE-2022-22301
Summary (CVE-2022-22301): FortiAP-C consoles suffer from an OS command injection due to improper neutralization of special elements in CLI arguments. Affected versions range from 5.4.0 to 5.4.3 and 5.2.0 to 5.2.1. The issue can allow an authenticated attacker to execute arbitrary commands with C...
CVE-2021-43075
CVE-2021-43075 affects Fortinet FortiWLM (FortiWLM) where an improper neutralization of special elements used in OS commands allows an attacker to execute arbitrary commands via crafted HTTP requests to the alarm dashboard and controller configuration handlers. Affected versions include 8.6.2 and...
Exploit for OS Command Injection in Tp-Link Tl-Wr840N_Firmware
CVE-2022-25064 TP-LINK TL-WR840N RCE via the function oal...
C-DATA ONU4FERW OS Command Injection Vulnerability
C-DATA ONU4FERW is used for data management. C-DATA ONU4FERW is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary commands via the FormImportomCashell function...
FortiWLM - command Injection in script handlers
An improper neutralization of special elements used in an OS command 'OS Command Injection' CWE-78 vulnerability in FortiWLM may allow an authenticated attacker to execute arbitrary shell commands via crafted HTTP requests to the alarm dashboard and controller config handlers...
OS Command Injection
Description: npm-lockfile before 2.0.4 does not sanitize unsafe external input and invokes a sensitive command execution API with the input, causing a command injection vulnerability. Proof of Concept: // npm i [email protected] const getLockfile = require('npm-lockfile/getLockfile');...
OS Command Injection
github.com/google/fscrypt is vulnerable to OS command injection. The vulnerability exists in fscryptmountpoints function of fscryptbashcompletion because the "compgen -W" is not single quoted which allows an attacker to inject and execute untrusted arbitrary strings...
OS Command injection in Apache Airflow
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
GHSA-3V7G-4PG3-7R6J OS Command injection in Apache Airflow
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
Command injection
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration...
CVE-2022-25263
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration...
CVE-2022-25263
CVE-2022-25263 affects JetBrains TeamCity prior to 2021.2.3 and describes an OS command injection in the Agent Push feature configuration. The provided records consistently indicate this as a vulnerability in TeamCity, with multiple sources reiterating the same issue (lack of filtering/escaping o...
CVE-2022-24288
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
Command injection
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
CVE-2022-24288 Apache Airflow: RCE in example DAGs
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...