9810 matches found
CVE-2021-3059
An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than...
CVE-2021-3060
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...
CVE-2021-3058
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use the XML API to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1;...
Command injection
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...
CVE-2021-3061 PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9....
CVE-2021-3061
CVE-2021-3061 describes an OS command injection vulnerability in PAN-OS CLI. An authenticated administrator with CLI access can run arbitrary OS commands to escalate privileges. Affected: PAN-OS 8.1, 9.0, 9.1, 10.0, and 10.1 releases earlier than listed builds (e.g., 8.1.x before 8.1.20-h1; 9.0.x...
CVE-2021-3060
CVE-2021-3060 describes an OS command injection in Palo Alto Networks PAN-OS SCEP (Simple Certificate Enrollment Protocol). The vulnerability allows an unauthenticated, network-based attacker with knowledge of the firewall configuration and access to GlobalProtect interfaces to execute arbitrary ...
Exploit for OS Command Injection in Systeminformation
The CVE-2021-21315 exploit code written in Rust lang I'm ru...
CVE-2021-37158
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command...
The vulnerability in the `system_mgr.cgi` component of the D-Link DNS-320 FW network storage device allows a hacker to execute arbitrary code.
The vulnerability in the `system_mgr.cgi` component of the D-Link DNS-320 FW network storage device stems from improper neutralization of special elements used in an OS command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Microsoft OMI Management Interface Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft OMI Management Interface Authentication Bypass', 'Description' = %q By removing the authentication exchange, an attacker can issue...
CVE-2021-37158
OpenGamePanel OGP-Agent-Linux (affected through 2021-08-14) is vulnerable to an authenticated command-injection where an attacker can start a Counter-Strike server and inject OS commands by entering a Bash command in the map field. The issue is described consistently across multiple sources (e.g....
Accellion File Transfer Appliance < 9_12_416 Multiple Vulnerabilities
The version of the remote Accellion Secure File Transfer Appliance is prior to 9_12_416. It is, therefore, affected by multiple vulnerabilities: - SQL injection via a crafted Host header in a request to an endpoint. (CVE-2021-27101) - OS command execution via a local web service call. (CVE-2021-27102) ...
rConfig OS Command Injection Vulnerability
rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...
CVE-2021-36185
An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
Command injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2021-36185
FortiWLM has a CVE-2021-36185 OS command injection vulnerability affecting FortiWLM 8.6.1 and earlier. Mechanism: improper neutralization of special elements in an OS command during HTTP handling, allowing remote execution of commands. Connected sources indicate this can be exploited via crafted ...