9789 matches found
CVE-2021-21386
The CVE-2021-21386 entry concerns APKLeaks, an open-source APK scanner. The vulnerability arises in APKLeaks prior to v2.0.3, where a crafted package name inside an Android app manifest can lead to remote command execution on the host system. This could allow an attacker to run arbitrary OS comma...
OS Command Injection
shescape is vulnerable to OS command injection. The function escapeShellArg does not strip null characters from user-provided input, which causes errors and can potentially lead to execution of arbitrary commands...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection Authenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...
OS Command Injection
portkiller is vulnerable to OS command injection. An attacker is able to inject and execute malicious commands via the child_process exec function, as it does not sanitize the input...
SonicWall SMA100 OS Command Injection Vulnerability (CNVD-2021-29478)
The SonicWall SMA100 is a secure access gateway appliance from SonicWALL USA. An operating system command injection vulnerability exists in SonicWall SMA100 version 10.2.0.5 and earlier versions, which can be exploited by an authenticated attacker to execute operating system commands on the targe...
GHSA-5Q6M-3H65-W53X react-dev-utils OS Command Injection in function `getProcessForPort`
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
react-dev-utils OS Command Injection in function `getProcessForPort`
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. Only when this function is manually invok...
OS Command Injection
react-dev-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS due to the usage of child_process.execFileSync in the function getProcessIdOnPort...
OS Command Injection
madge is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the graphVizPath option parameter...
Adobe Creative Cloud < 5.4 Multiple Vulnerabilities (APSB21-18)
The version of Adobe Creative Cloud installed on the remote Windows host is prior to 5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-18 advisory. - Adobe Creative Cloud Desktop Application version 5.3 and earlier is affected by a local privilege escalation...
Adobe Critical Code-Execution Flaws Plague Windows Users
Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems. Affected products include Adobe’s Framemaker document processor, designed for writing and editing large or complex documents;...
Exploit for Improper Input Validation in Vmware View_Planner
CVE-2021-21978 A simpler way to bring back the vulnerable expl...
EPrints Command Injection Vulnerability
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. EPrints 3.4.2 suffers from a command injection vulnerability. A remote attacker can exploit this vulnerability by entering specially crafted data into cgi/cal?year= URI to...
CVE-2021-26476
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
OS Command Injection
salt is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via a malicious process name through the restartcheck function...
OS Command Injection
salt is vulnerable to OS command injection. The ssh client in salt API allows an attacker to inject and execute arbitrary OS commands via ProxyCommand or sshoptions...
CVE-2021-20658
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors...
CVE-2021-20658
CVE-2021-20658 affects SolarView Compact SV-CPT-MC310. The vulnerability is an OS command injection in the web server context, allowing an attacker to execute arbitrary OS commands with the web server’s privileges via unspecified vectors. Affected product/version: SolarView Compact SV-CPT-MC310 p...