Command Injection
Overview: Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made available. References: https://github.com/advisories/GHSA-vr9x-mm65-2438...
CVE-2020-25803
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior t...
CVE-2020-25803
Crafter CMS Crafter Studio is affected by an SSTI/SSRF-like flaw in FreeMarker exposed objects that allows an authenticated developer to execute OS commands, potentially achieving RCE. The publicly documented impact indicates that Crafter CMS 3.0.x before 3.0.27 and 3.1.x before 3.1.7 are vulnera...
CVE-2020-25802 Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7...
CVE-2020-25802
The vulnerability CVE-2020-25802 affects Crafter CMS Crafter Studio and allows authenticated developers to execute OS commands through Groovy scripting due to improper control of dynamically-managed code resources. Based on the connected advisory, affected versions are Crafter CMS 3.0 prior to 3....
CVE-2020-5634
ELECOM LAN routers WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10 allow an attacker on the same network segment to execute arbitrary OS commands with a...
CVE-2020-5634
CVE-2020-5634 affects ELECOM LAN routers (WRC-2533GST2, WRC-1900GST2, WRC-1750GST2, WRC-1167GST2). The root cause is an OS command injection vulnerability that allows a remote attacker on the same network segment to execute arbitrary commands with root privileges via unspecified vectors. Affected...
OS Command Injection
ng-packagr vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the styleIncludePaths option...
Mida eFramework 2.8.9 - Remote Code Execution
Exploit Title: Mida eFramework 2.8.9 - Remote Code Execution; Google Dork: Server: Mida eFramework; Date: 2020-08-27; Exploit Author: elbae; Vendor Homepage: https://www.midasolutions.com/; Software Link: http://ova-efw.midasolutions.com/; Reference:...
Exploit for OS Command Injection in Secudos Domos
CVE-2020-14293 This vulnerability was discovered and disclosed...
OS Command Injection
@knutkirkhorn/free-space is vulnerable to OS command injection. The vulnerability exists as command injection is possible through the usage of the user controlled variable, $disk, which is passed into the exec function without validation...
Exploit for OS Command Injection in Ritecms
CVE-2020-23934 References 1 https://www.exploit-db.co...
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
CVE-2020-24916
CVE-2020-24916 affects the Yaws web server CGI implementation, with versions 1.81–2.0.7 vulnerable. The root cause is that CGI requests are not properly sanitized, enabling a remote attacker to execute arbitrary shell commands by crafting CGI executable names. This is a remote, unauthenticated co...
CVE-2020-2037
CVE-2020-2037 is an OS command injection in the PAN-OS management web interface. The vulnerability affects PAN-OS versions before 8.1.16, 9.0.x before 9.0.10, and 9.1.x before 9.1.3. It requires authenticated administrative access to the management interface and can allow execution of arbitrary OS c...
CVE-2020-2038 PAN-OS: OS command injection vulnerability in the management web interface
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlie...