CVE-2021-3727 OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability in rand-quote and hitokoto plugins. Description: the rand-quote and hitokoto plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, do some processing on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...
JVN#88993473: Multiple vulnerabilities in multiple ELECOM LAN routers
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Buffer overflow (CWE-121) - CVE-2021-20852

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8
CVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | Base Score...

EFM ipTIME C200 IP Camera OS Command Injection Vulnerability
EFM ipTIME C200 IP Camera is a hardware device from EFM Korea. It provides a camera device for surveillance. The EFM ipTIME C200 IP Camera suffers from an operating system command injection vulnerability that stems from the fact that when the ipTIME C200 IP Camera is synchronized with the ipTIME...
OS Command Injection
baserproject/basercms is vulnerable to OS command injection. An attacker can upload malicious zip files through the upload functionality in the library, leading to path traversal on the host operating system...
CVE-2021-41243
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be...
CVE-2021-41243
CVE-2021-41243 affects baserCMS management system. Affected: baserCMS ≤ 4.5.3 (and related OSV/GHSA entries). Vulnerability: OS command injection and a Zip Slip-like issue where an uploaded crafted ZIP by users with file-upload privileges can cause arbitrary commands to run on the host; data expo...
Multiple vulnerabilities in baserCMS
Overview: baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2021-41243; Arbitrary code upload vulnerability in Database restore (CWE-434) - CVE-2021-41279. CVE-2021-41243: Akagi Yusuke of NTT-ME CORPORATION reported this...
JVN#81376414: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2021-41243

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Base Score: 8.8
CVSS v2 | AV:N/AC:L/Au:S/C:C/I:C/A:C | Base Score: 9.0...

D-Link DWR-932C E1 Command Injection Vulnerability
The D-Link DWR-932C E1 is a WiFi mobile modem router from China-based D-Link. A security vulnerability exists in the D-Link DWR-932C E1 firmware, which stems from an OS command injection in debugfcgi. An attacker could exploit this vulnerability to perform command injection via a crafted HTTP...
Command injection
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors...
CVE-2021-20850
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors...
CVE-2021-20850
CVE-2021-20850 affects PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (EOL). The vulnerability is an OS command injection through the PowerCMS XMLRPC API, allowing a remote attacker to execute arbitrary commands. The XMLRPC API usage (mt-xm...
JVN#17645965: PowerCMS XMLRPC API vulnerable to OS command injection
PowerCMS XMLRPC API provided by Alfasado Inc. contains an OS command injection vulnerability (CWE-78). Impact: An arbitrary OS command may be executed by a remote attacker. Solution: If not using the XMLRPC API: if using as CGI/FCGI, delete mt-xmlrpc.cgi or remove execute permission to...
Command injection
OS Command Injection vulnerability in debugfcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request...
CVE-2021-42784
CVE-2021-42784 describes an OS command injection in the debug_fcgi component of the D-Link DWR-932C E1 firmware. A remote attacker could exploit a crafted HTTP request to execute commands on the device, with high impact across confidentiality, integrity, and availability per CVSS 3.1/3.0 scores i...
CVE-2021-36313
Summary: CVE-2021-36313 affects Dell EMC CloudLink 7.1 and earlier. The vulnerability is an OS command injection that could allow a remote, high-privilege attacker to run arbitrary commands on the underlying OS with the application’s privileges, potentially leading to full system compromise. Affe...
CVE-2021-36313
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection vulnerability. A remote high-privileged attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable...
CVE-2021-23732
CVE-2021-23732 affects docker-cli-js. The vulnerability allows OS command execution when the user can partially control the command parameter of Docker.command, enabling arbitrary commands on the host. The connected advisories detail exploitation paths (Snyk example) and indicate there is no fixe...
Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-01593)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an OS command injection vulnerability caused by a problem with system authentication for HTTP requests. An attacker could exploit the...