Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's install hooks, causing a local execution attack. To perform thi...
CVE-2021-33514: Command injection
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTPUSERAGENT;' with an OS command in the User-Agent field. This affects GC108P before...
Cisco DNA Spaces Connector OS Command Injection Vulnerability
Cisco DNA Spaces is an indoor location services platform from Cisco (United States). An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.3.1, which can be exploited by an attacker to execute arbitrary operating system commands o...
GHSA-6M8P-4FXJ-PGC2 OS Command Injection in mversion
The issue occurs because the tagName user input is formatted into the command string passed to the exec function and executed without any checks...
GitHub Security Lab: [Java] CWE-078: Add JSch lib OS Command Injection sink
This bug was reported directly to GitHub Security Lab...
RFNTPS vulnerable to OS command injection
Overview RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Tomoomi Iwata of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
JVN#13076220: RFNTPS vulnerable to OS command injection
RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Impact A user on the same LAN who can access the product may execute an arbitrary OS command with root privilege. Solution Update the Firmware Updat...
Adobe After Effects < 18.2 Multiple Vulnerabilities (APSB21-33)
The version of Adobe After Effects installed on the remote Windows host is prior to 18.2. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-33 advisory. - After Effects versions 18.0 and earlier are affected by an out-of-bounds write vulnerability that could result...
OS Command Injection in falconchristmas/fpp
✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/runEventScript.php#L32 a command is built using unsanitized user input: `system($SUDO . " $fppDir/scripts/eventScript $scriptDirectory/$script $args"); // scripts and args ar...`
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.php#L38: a system function is called with user input, and a malicious user could exploit it if the version variable contains a command 🕵️♂️ Proof of Concept...
Adobe After Effects OS Command Injection Vulnerability
Adobe After Effects, referred to as "AE", is graphics and video processing software from Adobe, suitable for organizations engaged in design and video effects, including television stations, animation production companies, individual post-production studios and multimedia studios. An OS command injecti...
JetBrains TeamCity Remote Code Execution Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from the Czech company JetBrains. It provides continuous unit testing, code quality analysis, build problem analysis reports and other features. A remote code execution vulnerability exists in...
CVE-2021-32605
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...
CVE-2021-32605
The CVE-2021-32605 entry concerns zzzcms/zzzphp before 2.0.4, where the parserIfLabel template processing fails to validate user-provided keys in the ?location=search flow, enabling remote code execution. The vulnerability allows an attacker to run arbitrary OS commands or code via a crafted keys...
CVE-2021-31915: Command injection
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible...