Exploit for OS Command Injection in EyesOfNetwork
This is an exploit module for EyesOfNetwork 5.1 to 5.3, a network monitoring and management tool. The exploit targets three vulnerabilities: CVE-2020-8654, CVE-2020-8655, and CVE-2020-9465. CVE-2020-8654 is a discovery module that allows arbitrary OS commands to be run. The exploit uses the targe...
CVE-2020-26301
A flaw was found in nodejs-ssh2. An OS command injection attack on Windows allows an attacker to perform remote code execution and potentially execute arbitrary code. The highest threat from this vulnerability is to confidentiality and integrity...
CVE-2021-37925
CVE-2021-37925 affects Zoho ManageEngine ADManager Plus, versions 7110 and earlier. The issue is a Post-Auth OS command injection vulnerability, with Red Hat, NVD, PRION, CVE lists and CNNVD entries corroborating the description. The CVSS calculations indicate a high-impact, critical exposure: CV...
CVE-2021-37925
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability...
Design/Logic Flaw
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...
CVE-2021-41315
Device42 Remote Collector prior to version 17.05.01 is vulnerable to a command-injection in the SNMP Connectivity utility due to unsanitized user input. An authenticated attacker with access to the console application can execute arbitrary OS commands and escalate privileges. Remediation per conn...
Adobe Digital Editions Multiple Vulnerabilities (APSB21-80) - Mac OS X
The host is missing an important security update according to Adobe September update...
CVE-2021-33693
SAP Cloud Connector, version 2.0, allows an authenticated administrator to modify a configuration file to inject malicious code that could potentially lead to OS command execution...
Command injection
SAP Cloud Connector, version 2.0, allows an authenticated administrator to modify a configuration file to inject malicious code that could potentially lead to OS command execution...
CVE-2021-40965
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager in all versions up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...
Cross-site request forgery (CSRF)
A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager in all versions up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker...
CVE-2021-33693
CVE-2021-33693 affects SAP Cloud Connector, version 2.0. An authenticated administrator can modify a configuration file to inject malicious code, potentially enabling OS command execution. The issue arises from insecure config handling where the admin’s configuration changes can be abused to run ...
CVE-2021-40965
TinyFileManager is affected by a CSRF vulnerability up to version 2.4.6. The issue allows an attacker to induce an administrator to visit a URL controlled by the attacker, enabling file uploads and execution of OS commands. Concrete details across connected sources confirm the affected software/v...
PDF Light Viewer < 1.4.12 - Authenticated Command Injection
The plugin allows users with the Author role to execute arbitrary OS commands on the server via OS command injection when invoking Ghostscript. PoC: 1) Go to Import PDF. 2) Select PDF file. 3) Set compression as 60 | calc | echo. 4) Toggle import the first checkbox. 5) Publish or update. 6) Command executes...
CVE-2021-37531
SAP NetWeaver Knowledge Management XML Forms (versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50) is affected by an XSLT processing vulnerability that allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet containing OS-level commands, place it where the system can access...
Siemens Desigo CC Operating System Command Injection Vulnerability
Siemens Desigo CC is an open building management platform from Siemens, Germany. GMA Manager allows the functional combination of different safety and security systems, such as fire detection systems and video surveillance, on a common platform. Operation Scheduler is a tool that enables security...
Schneider Electric Struxureware Data Center Expert
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Struxureware Data Center Expert Vulnerabilities: OS Command Injection, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote...
OS Command Injection in zacanger/is-program-installed
✍️ Description: There is an "OS Command Injection" vulnerability in the "is-program-installed" npm package. This package checks whether the program or binary named by the given parameter is installed on the computer. However, since this package does not properly control the characters in the...