9810 matches found
CVE-2021-45845
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document...
PT-2022-12432 · Freecad +1 · Freecad +1
Name of the Vulnerable Software and Affected Versions: FreeCAD version 0.19 Description: The issue is related to improper sanitization in the invocation of ODA File Converter from FreeCAD, allowing an attacker to inject OS commands via a crafted filename. Recommendations: For FreeCAD version 0.19...
PT-2022-12433 · Freecad · Freecad
Name of the Vulnerable Software and Affected Versions: FreeCAD version 0.19 Description: The Path Sanity Check script is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. Recommendations: For FreeCAD version 0.19, consider disabli...
CVE-2021-43589
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands o...
CVE-2021-43589
The CVE-2021-43589 entry describes a local OS command injection in Dell EMC Unity family (Unity, UnityVSA, UnityXT) for versions prior to 5.1.2.0.5.007. A locally authenticated user with high privileges may execute arbitrary commands on the Unity underlying OS with the vulnerable application’s pr...
CVE-2022-20617
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UniFi Network Application Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q The Ubiquiti UniFi Network Application versions...
UniFi Network Application Unauthenticated Log4Shell Remote Code Execution Exploit
The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and...
Jenkins LTS < 2.319.2 / Jenkins weekly < 2.330 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.319.2 or Jenkins weekly prior to 2.330. It is, therefore, affected by multiple vulnerabilities: - A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 a...
Jenkins plugins Multiple Vulnerabilities (2022-01-12)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are Jenkins Active Directory Plugin prior to 2.25.1, Badge Plugin prior to 1.9.1, Bitbucket Branch Source Plugin prior to 746., Configuration as Code Plugin prior to 1.55.1, Conjur...
VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)
VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux virtua...
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...
Nagios XI OS Command Injection
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
CVE-2021-33827
The filesantivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings...
Command injection
The filesantivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings...
CVE-2021-33827
The CVE-2021-33827 entry concerns the files_antivirus component for ownCloud (before 1.0.0) and describes an OS command injection vulnerability via the administration settings. Multiple connected documents corroborate this issue, stating that remote code execution is possible through admin-config...