Security Bulletin: IBM FileNet Content Manager Operating System command injection security vulnerability
Summary: FileNet Content Manager component Administration Console for Content Platform Engine (ACCE) user Operating System command injection security vulnerability. Vulnerability Details: CVEID: CVE-2021-38965 DESCRIPTION: IBM FileNet Content Manager could allow a remote authenticated attacker to...
CVE-2021-33962
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface component /api/ZRUsb/pop_usb_device. The issue originates from a lack of proper command filtering and escaping in the web interface, enabling an attacker to inject OS commands. The...
GHSA-JPXJ-VGQ5-PRJC OS command execution vulnerability in Jenkins Docker Commons Plugin
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2022-20617
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository...
CVE-2022-23118
CVE-2022-23118 affects the Jenkins Debian Package Builder Plugin, version 1.6.11 and earlier. The vulnerability arises because the plugin allows agents to invoke the command-line git at an attacker-specified path on the Jenkins controller, enabling attackers who control agent processes to execute...
CVE-2022-20617
CVE-2022-20617 affects the Jenkins Docker Commons Plugin (1.17 and earlier); OS command execution arises from unsanitized image/tag names. Exploitation requires Item/Configure permission or control over a job’s SCM content. The provided documents indicate this vulnerability is addressed in relate...
CVE-2021-42561
CVE-2021-42561 affects CALDERA 2.8.1 where the Human plugin passes an unsanitized name parameter to Python os.system, enabling shell metacharacters to escape commands and execute arbitrary code. Multiple vendors and advisories (Red Hat, CNVD, OSV, CVE lists) corroborate a command-injection vulner...
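The CALDERA entry above describes the general bug class: a caller-controlled string is interpolated into a command that os.system hands to the shell, so a `;` (or `|`, `$(...)`, backticks) ends the intended command and starts the attacker's. The following is an added example, not code from CALDERA or the advisory. It uses a hypothetical `greet_*` helper in place of the plugin's call and a constructed payload (`alice; echo INJECTED`); it assumes a POSIX shell. It shows the vulnerable shape next to two fixes: passing an argv list with no shell, and, when a shell string cannot be avoided, quoting with shlex.quote, plus an allowlist check for the value itself.

```python
"""Command-injection pattern from the CALDERA advisory, with hardened variants.

Added example, not CALDERA code. The name 'alice' and the injected
'echo INJECTED' payload are constructed inputs, not values from the advisory.
Requires a POSIX shell (/bin/sh).
"""
import re
import shlex
import subprocess

# Constructed attacker-controlled value: once this string reaches /bin/sh,
# the ';' terminates the intended echo and starts a second command.
MALICIOUS_NAME = "alice; echo INJECTED"


def greet_vulnerable(name: str) -> str:
    """Interpolates name into a shell string (the bug class of CVE-2021-42561).

    subprocess.run(..., shell=True) is used instead of os.system only so the
    output can be captured; the shell parsing is identical.
    """
    cmd = f"echo hello {name}"  # same shape as os.system(f"... {name}")
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def greet_argv(name: str) -> str:
    """Hardened: argv list, no shell, so metacharacters are ordinary bytes."""
    return subprocess.run(["echo", "hello", name], capture_output=True, text=True).stdout


def greet_quoted(name: str) -> str:
    """Hardened when a shell string is unavoidable: shlex.quote yields one word."""
    cmd = f"echo hello {shlex.quote(name)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Hypothetical allowlist for values that will later be used in any command:
# reject anything that is not a short token of safe characters.
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def validate_name(name: str) -> str:
    """Allowlist check; raises ValueError on shell metacharacters or whitespace."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"rejected name: {name!r}")
    return name


if __name__ == "__main__":
    # vulnerable: 'hello alice\nINJECTED\n'; the injected command ran
    print("vulnerable:", repr(greet_vulnerable(MALICIOUS_NAME)))
    # argv / quoted: 'hello alice; echo INJECTED\n'; payload stays literal
    print("argv:      ", repr(greet_argv(MALICIOUS_NAME)))
    print("quoted:    ", repr(greet_quoted(MALICIOUS_NAME)))
```

The argv form is the one to reach for: it removes the shell from the path entirely, so there is nothing to escape. shlex.quote is a fallback for legacy call sites that must build a string, and the allowlist is defence in depth for identifiers (usernames, hostnames, image tags) that should never contain metacharacters in the first place.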
CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)
Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access SMA 100 series of devices, which includes SMA 200, 210, 400, 410, and 500v. The most serious of these issues can lead to...
GHSA-W2PM-R78H-4M7V OS Command Injection in Laravel Framework
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17...
CVE-2021-45912
An unauthenticated Named Pipe channel in Controlup Real-Time Agent cuAgent.exe before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method...
CVE-2021-45913
A hardcoded key in ControlUp Real-Time Agent cuAgent.exe before 8.2.5 may allow a potential attacker to run OS commands via a WCF channel...
CVE-2021-45912
Controlup Real-Time Agent (cuAgent.exe) exposes an unauthenticated Named Pipe channel that, before version 8.5, allows an attacker to execute OS commands via the ProcessActionRequest WCF method. Impact is local and could enable command execution with the attacker’s privileges. Remediation per sou...