
9789 matches found

Veracode
added 2021/02/09 7:13 a.m. | 18 views

OS Command Injection

node-ps is vulnerable to OS command injection. The vulnerability exists because untrusted input passed to childProcess.exec is not validated and sanitized...

9.8 CVSS | 3.1 AI score | 0.02472 EPSS
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2021/02/03 5:11 a.m. | 11 views

OS Command Injection

total.js is vulnerable to OS command injection. The type parameter is not properly sanitized and validated, and is used to build the command which is subsequently executed using childprocess.spawn...

8.6 CVSS | 3.1 AI score | 0.01702 EPSS
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2021/02/01 12:0 a.m. | 15 views

LOGITEC CORPORATION LAN-W300N/PGRB OS Command Injection Vulnerability (CNVD-2021-58248)

LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...

7.7 CVSS | 7.1 AI score | 0.00445 EPSS
Exploits 0 | References 1
Github Security Blog
added 2021/01/29 6:14 p.m. | 46 views

OS Command Injection in async-git

The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Ensure to sanitize untrusted us...

9.8 CVSS | 6.1 AI score | 0.05323 EPSS
Exploits 1 | References 8 | Affected Software 1
OSV
added 2021/01/29 6:14 p.m. | 9 views

GHSA-6C3F-P5WP-34MH OS Command Injection in async-git

The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. Ensure to sanitize untrusted us...

9.8 CVSS | 10 AI score | 0.05323 EPSS
Exploits 1 | References 8
CVE
added 2021/01/28 10:0 a.m. | 53 views

CVE-2020-5626

CVE-2020-5626 affects Logstorage up to v8.0.0 and ELC Analytics up to v3.0.0, where a specially crafted log file can lead to remote OS command execution via the log processing component. The connected records corroborate this as an OS command injection vulnerability in Infoscience log tools, with...

9 CVSS | 8.9 AI score | 0.02156 EPSS
Exploits 0 | References 2 | Affected Software 2
Cvelist
added 2021/01/28 10:0 a.m. | 21 views

CVE-2020-5626

Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file...

9 AI score | 0.02156 EPSS
Exploits 0 | References 2
Veracode
added 2021/01/27 7:56 a.m. | 15 views

Command Injection

async-git is vulnerable to command injection. An attacker is able to inject malicious OS commands into the system shell via the getter function in the index.js file...

9.8 CVSS | 3.9 AI score | 0.05323 EPSS
Exploits 1 | References 6 | Affected Software 1
Japan Vulnerability Notes
added 2021/01/27 12:0 a.m. | 59 views

JVN#41853173: OS command injection vulnerability in multiple Infoscience Corporation log management tools

Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and can be set to allow the administrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value handling in...

9 CVSS | 8.8 AI score | 0.02156 EPSS
Exploits 0
OSV
added 2021/01/26 6:16 p.m. | 21 views

CVE-2021-3291

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...

7.2 CVSS | 7.5 AI score
Exploits 0 | References 2
NVD
added 2021/01/26 6:16 p.m. | 12 views

CVE-2021-3190

The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...

9.8 CVSS | 9.8 AI score | 0.05323 EPSS
Exploits 1 | References 5
Prion
added 2021/01/26 6:16 p.m. | 12 views

Command injection

The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag...

7.5 CVSS | 9.8 AI score | 0.05323 EPSS
Exploits 1 | References 5 | Affected Software 1
NVD
added 2021/01/26 6:15 p.m. | 8 views

CVE-2020-27298

Philips Interventional Workspot Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live Release 1.0, ViewForum Release 6.3V1L10. The software constructs all or part of an OS command using externally influenced input from an upstream component but does no...

6.5 CVSS | 6.5 AI score | 0.00836 EPSS
Exploits 0 | References 3
Prion
added 2021/01/26 6:15 p.m. | 13 views

Input validation

Philips Interventional Workspot Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live Release 1.0, ViewForum Release 6.3V1L10. The software constructs all or part of an OS command using externally influenced input from an upstream component but does no...

3.3 CVSS | 6.4 AI score | 0.00836 EPSS
Exploits 0 | References 1 | Affected Software 5
CVE
added 2021/01/26 6:47 a.m. | 110 views

CVE-2021-3291

CVE-2021-3291 affects Zen Cart 1.5.7b. The vulnerability allows an authenticated admin to execute arbitrary OS commands by inspecting an HTML radio input element on the modules edit page and inserting a command. The provided connected documents describe the impact and PoC/exploit references but d...

9 CVSS | 7.2 AI score | 0.16782 EPSS
Exploits 4 | References 2 | Affected Software 1
Japan Vulnerability Notes
added 2021/01/26 12:0 a.m. | 121 views

JVN#96783542: Multiple vulnerabilities in multiple LOGITEC products

Multiple products provided by LOGITEC CORPORATION contain multiple vulnerabilities listed below. Improper restriction of excessive authentication attempts CWE-307 - CVE-2021-20635 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2|...

7.7 CVSS | 7.6 AI score | 0.00993 EPSS
Exploits 0
NVD
added 2021/01/22 7:15 p.m. | 21 views

CVE-2020-12513

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection...

9 CVSS | 7.8 AI score | 0.3111 EPSS
Exploits 1 | References 1
Prion
added 2021/01/22 7:15 p.m. | 22 views

Command injection

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection...

9 CVSS | 8.6 AI score | 0.3111 EPSS
Exploits 1 | References 1 | Affected Software 12
CVE
added 2021/01/22 7:1 p.m. | 97 views

CVE-2020-12513

Pepperl+Fuchs Comtrol IO-Link Master Series is affected by CVE-2020-12513. Vulnerable versions include System 1.36 and Application 1.5.28 (and 1.5.48 and earlier per CVE listing) with an authenticated blind OS Command Injection. Fixed versions are System 1.52 and Application 1.6.11. The vulnerabi...

9 CVSS | 8.2 AI score | 0.3111 EPSS
Exploits 1 | References 1 | Affected Software 1
GithubExploit
added 2021/01/22 9:56 a.m. | 54 views

Exploit for OS Command Injection in Xstream

Description XStream can be used for Remote Code Execution...

9.3 CVSS | 7.3 AI score | 0.85001 EPSS
Exploits 9