9789 matches found
CVE-2021-31915
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible...
CVE-2021-31915
JetBrains TeamCity prior to 2020.2.4 is affected by CVE-2021-31915, an OS command injection that can lead to remote code execution. The vulnerability exists in TeamCity Server components and is confirmed by multiple sources (NVD entry and vendor/security bulletins). Impact is described as remote ...
OS Command Injection in falconchristmas/fpp
FPP - Falcon Player is vulnerable to OS command injection attacks on ping.php because it doesn't sanitize user-supplied parameters, as shown below. Vulnerable variable: count. Method: GET. The $count variable is constructed using the user-supplied data, and then is used in a system...
Totolink X5000R Operating System Command Injection Vulnerability
Totolink X5000R is a router from China's Gion Electronics Totolink. The TOTOLINK X5000R router suffers from an operating system command injection vulnerability that can be exploited by an attacker to execute arbitrary operating system commands by sending a modified HTTP request...
OS Command Injection in pulverizr
pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
GHSA-F8FH-8RGM-227H OS Command Injection in node-prompt-here
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The runCommand is called by getDevices function in file linux/manager.js, which is required by the index. process.env.NMCLI in the file linux/manager.js. This function is used to construct the argument of function execSync,...
OS Command Injection in closure-compiler-stream
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...
OS Command Injection in gulp-tape
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of gulp-tape options...
GHSA-H33P-5J96-W8QH OS Command Injection in gulp-styledocco
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...
GHSA-Q6PJ-JH94-5FPR OS Command Injection in docker-compose-remote-api
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function exec(serviceName, cmd, fnStdout, fnStderr, fnExit) uses the variable serviceName which can be controlled by users without any sanitization...
OS Command Injection
git-parse is vulnerable to OS command injection. Untrusted input in gitDiff is passed into an exec function without validation, allowing an attacker to execute arbitrary OS commands on the host OS...
CVE-2021-28151
Hongdian H8922 3.0.5 devices are vulnerable to remote command injection in tools.cgi ping via shell metacharacters in the ip-address (Destination) field, accessible with guest/guest credentials. The Nuclei template and other sources confirm that an attacker can execute arbitrary commands on the d...
CVE-2021-21527
Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
CVE-2021-21550
Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
Command injection
Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
CVE-2021-21527
Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges...
CVE-2021-21527
Summary: CVE-2021-21527 affects Dell EMC PowerScale OneFS 8.1.0–9.1.0, where an improper neutralization of special elements used in an OS command can enable privilege escalation. The vulnerability requires an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges, with no...
CVE-2021-21550
Dell EMC PowerScale OneFS (versions 8.1.0–9.1.0) is affected by an elevation-of-privilege vulnerability caused by improper neutralization of special elements used in OS commands. An authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges can escalate privileges locally. Th...
CVE-2020-21999
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...
Command injection
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...