Design/Logic Flaw
Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on...
CVE-2021-28634 Adobe Acrobat Reader AcrobatUtils.scpt Extension OS Command Injection Vulnerability
Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on...
CVE-2021-28634
CVE-2021-28634 affects Adobe Acrobat/Reader DC family. Specifically Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier, and 2017.011.30197 and earlier are vulnerable to Improper Neutralization of Special Elements used in an OS Command, enabling arbitrary code execut...
Privilege Escalation
billz/raspap-webgui is vulnerable to Privilege Escalation via OS command injection. An attacker can send an input of "a && whoami" to append strval($_POST['connect']) to the end of the exec function in configureclient.php, executing /etc/raspap/hostapd/enablelog.sh as root with no password and...
Fortinet FortiWeb Authenticated Command Injection Vulnerability (CVE-2021-22123)
Fortinet FortiWeb OS Command Injection Aug 17, 2021 5 min read An OS command injection vulnerability in FortiWeb's management interface version 6.3.11 and prior can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page. This is ...
Design/Logic Flaw
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabasepath parameter...
CVE-2020-22345
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabasepath parameter...
CVE-2020-22345
CVE-2020-22345 affects Centreon 19.10.8. The flaw is an OS command injection in the web interface: /graphStatus/displayServiceStatus.php accepts shell metacharacters in the RRDdatabase_path parameter, enabling remote command execution. Multiple connected sources (Red Hat advisory, OSV, CNVD/CNNVD...
Unpatched Fortinet Bug Allows Firewall Takeovers
UPDATE An unpatched OS command-injection security vulnerability has been disclosed in Fortinet’s web application firewall WAF platform, known as FortiWeb. It could allow privilege escalation and full device takeover, researchers said. FortiWeb is a cybersecurity defense platform, aimed at...
Exploit for OS Command Injection in Fortinet Fortiweb
CVE-2021-22123 Fortinet FortiWeb Authenticated OS Command Inje...
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall WAF appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface...
Fortinet FortiWeb OS Command Injection
An OS command injection vulnerability in FortiWeb's management interface version 6.3.11 and prior can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page. This is an instance of CWE-78: Improper Neutralization of Special...
Dell EMC PowerScale OneFS OS Command Injection Vulnerability
Dell EMC PowerScale OneFS is an API-driven file system. Version 8.2.-9.2.1. of Dell EMC PowerScale OneFS is vulnerable to OS command injection. An attacker with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE privileges can exploit this vulnerability to elevate privileges and evade compliance assurance...
D-Link DSL-2750U OS Command Injection Vulnerability
The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router. An OS command injection vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could exploit this vulnerability in combination with other vulnerabilities to execute arbitrary OS commands...
CVE-2021-21595
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell...
CVE-2021-21595
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell...
Command injection
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical...
Command injection
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell...
CVE-2021-21599
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISIPRIVLOGINSSH or ISIPRIVLOGINCONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical...
CVE-2021-21599
Dell EMC PowerScale OneFS versions 8.2.x–9.2.1.x are affected by an OS command injection vulnerability that can enable privilege escalation for a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE, potentially evading Smartlock WORM compliance. Affected component is the OneFS OS; root cause d...