9810 matches found
CVE-2021-21805
CVE-2021-21805 affects Advantech R-SeeNet v2.4.12. The ping.php script is vulnerable to remote OS command injection via specially crafted HTTP requests, enabling arbitrary commands execution without credentials. The Nuclei template and Red Hat/other feeds corroborate remote execution risk; report...
OS command injection in ripgrep
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...
PT-2021-14788 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: An OS Command Injection issue exists in the ping.php script functionality. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
Command injection
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
CVE-2021-26097
FortiSandbox has an OS command injection flaw (CVE-2021-26097) affecting 3.2.0–3.2.2, 3.1.0–3.1.4, and 3.0.0–3.0.6. The issue arises from improper neutralization of special elements in OS command handling, enabling an authenticated attacker with web GUI access to execute unauthorized code or comm...
CVE-2021-32772 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in helper_entries
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the Feed, which allo...
FortiSandbox - Command injection in web interface
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests...
CVE-2021-33527 OS Command Injection in mbDIALUP <= 3.9R0.0
In MB connect line mbDIALUP versions = 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in github.com/argoproj/argo-workflows...
The vulnerability of the CLI command-line interface implementation of the kdbg tool in Fortinet FortiAP access points allows a hacker to execute arbitrary commands.
The vulnerability of the CLI command-line interface implementation of the Fortinet FortiAP access point software relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. A...
Motorola CX2 操作系统命令注入漏洞
The Motorola CX2 is a wireless router from Motorola USA. A security vulnerability in HNAP1 GetNetworkTomographySettings in the Motorola CX2 router CX allows an attacker to exploit the vulnerability to execute arbitrary code...
Command injection
Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiti...
CVE-2020-29499
CVE-2020-29499 affects Dell EMC PowerStore X, with vulnerability in PowerStore OS where versions prior to 1.0.3.0.5.006 allow a locally authenticated attacker to execute arbitrary OS commands on the underlying OS, potentially leading to a full system takeover. The description specifies a local at...
CVE-2020-29499
Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiti...
Exploit for OS Command Injection in Systeminformation
CVE-2021-21315 Exploit - Des: My python Scri...