
9810 matches found

Exploit DB
added 2021/12/14 12:0 a.m. | 366 views

meterN v1.2.3 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: meterN v1.2.3 - Remote Code Execution (RCE) (Authenticated). Date: 18/11/2021. Exploit Author: LiquidWorm. Vendor Homepage: https://www.metern.org. meterN v1.2.3 Authenticated Remote Command Execution Vulnerability. Vendor: Jean-Marc Louviaux. Product web page: https://www.metern.org...

7.4 AI score
Exploits: 0
Zero Science Lab
added 2021/12/13 12:0 a.m. | 209 views

meterN v1.2.3 Authenticated Remote Command Execution Vulnerability

Summary: meterN is a set of PHP/JS files that make a "Home energy metering & monitoring" solution. It accepts any meters, such as electrical, water, gas, fuel consumption, solar, wind energy production and so on. Sensors such as temperature or humidity are also accepted. The philosophy is: To keep it...

8.8 CVSS | 6.2 AI score | 0.0061 EPSS
Exploits: 1
Github Security Blog
added 2021/12/09 7:56 p.m. | 30 views

OS Command Injection in fsa

fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand', located within 'lib/rep.js63' can be controlled by users without any sanitization to inject arbitrary commands...

7.8 CVSS | 7.4 AI score | 0.01139 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
GithubExploit
added 2021/12/09 11:18 a.m. | 799 views

Exploit for Code Injection in Mariadb

CVE-2021-27928 POC Description A remote code execution is...

9 CVSS | 9.2 AI score | 0.38179 EPSS
Exploits: 9
OSV
added 2021/12/08 3:15 p.m. | 2 views

CVE-2021-40861

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

7.2 CVSS | 7.4 AI score | 0.01682 EPSS
Exploits: 2 | References: 2
NVD
added 2021/12/08 3:15 p.m. | 9 views

CVE-2021-40860

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

7.2 CVSS | 0.01682 EPSS
Exploits: 1 | References: 2
NVD
added 2021/12/08 3:15 p.m. | 13 views

CVE-2021-40861

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

7.2 CVSS | 0.01682 EPSS
Exploits: 1 | References: 2
Prion
added 2021/12/08 3:15 p.m. | 21 views

Sql injection

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

6.5 CVSS | 7.6 AI score | 0.01682 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
Prion
added 2021/12/08 3:15 p.m. | 11 views

Sql injection

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

6.5 CVSS | 7.6 AI score | 0.01682 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2021/12/08 2:58 p.m. | 9 views

CVE-2021-40861

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the...

7.9 AI score | 0.01682 EPSS
Exploits: 1 | References: 2
Cvelist
added 2021/12/08 2:45 p.m. | 11 views

CVE-2021-40860

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution IWD before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the qlexpression parameter, with which all data in the database can be extracted and OS command execution is possible...

7.9 AI score | 0.01682 EPSS
Exploits: 1 | References: 2
Github Security Blog
added 2021/12/08 12:1 a.m. | 27 views

Command injection in git-it-electron

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name which is not sanitized for execution...

9.8 CVSS | 2.8 AI score | 0.03468 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2021/12/08 12:1 a.m. | 16 views

GHSA-WJQC-J537-J9GJ Command injection in git-it-electron

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name which is not sanitized for execution...

9.8 CVSS | 9.8 AI score | 0.03468 EPSS
Exploits: 1 | References: 5
CNVD
added 2021/12/08 12:0 a.m. | 19 views

Git-it OS Command Injection Vulnerability

Git-it is a free, open-source distributed version control system. Git-it is vulnerable to an OS command injection vulnerability that could be exploited by an attacker to inject OS commands during the Branches Arent For Birds challenge step...

9.8 CVSS | 4.2 AI score | 0.03468 EPSS
Exploits: 1 | References: 1
OSV
added 2021/12/07 12:15 a.m. | 17 views

CVE-2021-44685

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name which is not sanitized for execution...

9.8 CVSS | 7.3 AI score | 0.03468 EPSS
Exploits: 1 | References: 2
Prion
added 2021/12/07 12:15 a.m. | 13 views

Command injection

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name which is not sanitized for execution...

7.5 CVSS | 9.8 AI score | 0.03468 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Fortinet
added 2021/12/07 12:0 a.m. | 25 views

Meru AP - Unrestricted execution of OS commands as root

An improper sanitization of command elements (OS Command Injection, CWE-78) vulnerability in Meru AP may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted commands in Meru AP's CLI...

7.2 CVSS | 5.4 AI score | 0.00264 EPSS
Exploits: 0 | Affected Software: 1
GitLab Advisory Database
added 2021/12/07 12:0 a.m. | 17 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in AjaxNetProfessional...

9.8 CVSS | 3.5 AI score | 0.88768 EPSS
Exploits: 2 | References: 4 | Affected Software: 1
CVE
added 2021/12/06 11:38 p.m. | 49 views

CVE-2021-44685

Git-it up to version 4.4.0 is affected by an OS command injection vulnerability (CVE-2021-44685) in the Branches Aren’t For Birds challenge. During verification, it executes reflog followed by the current branch name without sanitization, enabling injection. Public metrics indicate a high/critica...

9.8 CVSS | 9.7 AI score | 0.03468 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2021/12/02 5:51 p.m. | 3 views

GHSA-FF45-7PRW-58VJ OS Command injection in docker-cli-js

Withdrawn: After reviewing this CVE, and this response from the maintainer, we have withdrawn this advisory. Original CVE description: This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will ...

9.3 CVSS | 7.3 AI score | 0.01824 EPSS
Exploits: 1 | References: 5