9810 matches found
Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-01598)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc., used to provide reliable and always-on 5G Wi-Fi connectivity. The Lantronix PremierWave 2050 in version 8.9.0.0R4 is vulnerable to OS command injection, which can be exploited by attackers to execute...
Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04977)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is affected by an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...
Lantronix PremierWave 2050 OS Command Injection Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 in version 8.9.0.0R4 is vulnerable to OS command injection, which stems from a Web Manager Diagnostics:Ping feature that fails to properly filter special characters, commands,...
CVE-2021-41280 OS command injection in Sharetribe Go
Sharetribe Go is a source-available marketplace software. In affected versions, operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the sns_notification_token configuration...
CVE-2021-41280
CVE-2021-41280 affects Sharetribe Go (OS configuration) where an operating system command injection is possible in affected versions that do not configure the secret SNS notification token via the sns_notification_token parameter. The issue is mitigated by upgrading to version 10.2.1, where the p...
Palo Alto Networks PAN-OS 8.1.x < 8.1.20-h1 / 9.0.x < 9.0.14-h3 / 9.1.x < 9.1.11-h2 / 10.0.x < 10.0.8 / 10.1.x < 10.1.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.20-h1 or 9.0.x prior to 9.0.14-h3 or 9.1.x prior to 9.1.11-h2 or 10.0.x prior to 10.0.8 or 10.1.x prior to 10.1.3. It is, therefore, affected by a vulnerability. - An OS command injection vulnerability in th...
Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
Lantronix PremierWave 2050 Web Manager Diagnostics: Ping OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager Diagnostics: Traceroute OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...
Lantronix PremierWave 2050 Web Manager FsTFtp OS command injection vulnerabilities
Summary Multiple OS command injection vulnerabilities exist in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4. Specially-crafted HTTP requests can lead to arbitrary command execution. An attacker can make authenticated HTTP requests to trigger these vulnerabilities...
Lantronix PremierWave 2050 Web Manager FsUnmount OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Test...
Palo Alto Networks PAN-OS Operating System Command Injection Vulnerability (CNVD-2021-93380)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. Palo Alto Networks PAN-OS is vulnerable to a command injection vulnerability in the management interface, which stems from an OS command injection vulnerability in the system management...
CVE-2021-3934
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
Command injection
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
CVE-2021-3934
CVE-2021-3934 affects Oh My Zsh (ohmyzsh). The vulnerability stems from omz_urldecode using eval on unsanitized user input within the svn plugin, enabling command injection. Some sources describe a feasible attack path that could yield remote code execution depending on themes/plugins in use. Pub...
CVE-2021-3934 OS Command Injection in ohmyzsh/ohmyzsh
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
kustomize-controller OS Command Injection Vulnerability
kustomize-controller is a Kubernetes operator that specializes in running continuous delivery pipelines for infrastructure and workloads defined with a Kubernetes manifest and assembled using Kustomize. An operating system command injection vulnerability exists in versions prior to...
YeaLink SIP-TXXXP 53.84.0.15 - (cmd) Command Injection Vulnerability
Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hardware VOIP Phone Description: Using Diagnostic tool from the Networking Tab to...
YeaLink SIP-TXXXP 53.84.0.15 Command Injection
Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Date: 11-10-2021 Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hardware VOIP Phone Description: Using Diagnostic tool from the...