PT-2020-15262 · Palo Alto Networks · PAN-OS
Name of the Vulnerable Software and Affected Versions: PAN-OS versions prior to 9.0.10; PAN-OS versions prior to 9.1.4; PAN-OS versions prior to 10.0.1. Description: The issue is an OS Command Injection vulnerability in the management interface, allowing authenticated administrators to execute...
Yaws 2.0.7 XML Injection / Command Injection
Exploit Title: Multiple vulnerabilities in Yaws web server; Date: 2020-08-10; Exploit Author: Alexey Pronin (vulnbe); Vendor Homepage: http://yaws.hyber.org/; Software Link: https://github.com/erlyaws/yaws; Versions affected: 1.81 - 2.0.7; CVE: CVE-2020-24379, CVE-2020-24916; 1. Description:...
EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1955)
According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an...
OS Command Injection
priest-runner is vulnerable to OS command injection. The vulnerability exists as it passes unsanitized input into a spawn call through a POST request into PriestController.prototype.createChild...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1944)
The remote host is missing an update for the Huawei EulerOS...
OS Command Injection
addax is vulnerable to OS command injection. Lack of validation of user input to the presignPath function allows an attacker to inject and execute arbitrary OS commands on the host OS...
OS Command Injection
node-wifi is vulnerable to OS command injection. The vulnerability exists through the unsanitized value of ssid used in exec...
OS Command Injection
bestzip is vulnerable to OS command injection. A remote attacker is able to inject and execute arbitrary OS commands on the host OS via the destination parameter...
CVE-2020-13802
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification...
Command injection
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification...
CVE-2020-13802
CVE-2020-13802 affects Rebar3 versions 3.0.0-beta.3 to 3.13.2, exposing OS command injection via a URL parameter in dependency specifications. The vulnerability is described across multiple sources (NVD, Gentoo GLSA, Mageia, Nessus, OpenVAS, Exploit-DB) with CVSS v3.1 base score 9.8 (CRITICAL). E...
OS Command Injection in adrieankhisbe/bundle-phobia-cli
Description: BundlePhobia is a tool to help you find the cost of adding an npm package to your bundle. It enables you to query package sizes. The npm-utils.js has an unsanitized exec function, which leads to arbitrary code execution. Proof-of-concept: const util = require('./npm-utils.js'); let a =...
Mida eFramework 2.9.0 Remote Code Execution
Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution; Google Dork: Server: Mida eFramework; Date: 2020-08-27; Exploit Author: elbae; Vendor Homepage: https://www.midasolutions.com/; Software Link: http://ova-efw.midasolutions.com/; Reference:...
Mida eFramework 2.9.0 - Remote Code Execution
Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution; Google Dork: Server: Mida eFramework; Date: 2020-08-27; Exploit Author: elbae; Vendor Homepage: https://www.midasolutions.com/; Software Link: http://ova-efw.midasolutions.com/; Reference:...
OS Command Injection
extra-asciinema is vulnerable to OS Command Injection. The vulnerability exists as it was possible to execute commands using execFile through upload, uploadSync, recSync, rec...
Exploit for OS Command Injection in Raspap
CVE-2020-24572 An issue was discovered in includes/webconsole...
OS Command Injection
extra-ffmpeg is vulnerable to OS command injection. A user input parameter is passed to the function execSync without any validation or sanitization...
CVE-2020-14324
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows attacker t...