OS Command Injection
kylin-server-base is vulnerable to OS Command Injection. The vulnerability exists because the values of srcCfgUri, dstCfgUri, and projectName in CubeService.java are not properly handled...
Exploit for OS Command Injection in Atom Electron
CVE-2018-1000006-DEMO The Demo for CVE-2018-1000006 Analysis. Electron v1.8.2-beta.4 remote command execution vulnerability [CVE-2018-1000006]. POC: you can use elecrce\elecrce-win32-x64\elecrce.exe directly, or package it as an exe application yourself to build a vulnerable version of the app, taking version 1.7.8 as an example: electron-packager ./test elecrce --win --out ./elecrce --arch=x64 --version=0.0.1...
Command injection
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than...
Command injection
An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affect...
CVE-2020-2007 PAN-OS: OS command injection in management server
An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than...
CVE-2020-2014
CVE-2020-2014 : PAN-OS contains an OS command injection vulnerability in the management server. Authenticated users can inject and execute arbitrary shell commands with root privileges. Affected: PAN-OS 7.1 and 8.0; PAN-OS 8.1 before 8.1.14; PAN-OS 9.0 before 9.0.7. References indicate a fix/patc...
CVE-2020-2008
CVE-2020-2008 affects Palo Alto Networks PAN-OS across versions: PAN-OS 7.1 and 8.0, and 8.1 prior to 8.1.14. The vulnerability is an OS command injection and external control of filename in the management interface, allowing authenticated administrators to run code with root privileges or delete...
CVE-2020-2010
CVE-2020-2010 describes an OS command injection in PAN-OS management interface that allows an authenticated administrator to execute commands with root privileges. Affected: PAN-OS 7.1 and 8.0 all; PAN-OS 8.1 before 8.1.14; PAN-OS 9.0 before 9.0.7. Connected sources indicate remediation toward fi...
CVE-2020-2007
CVE-2020-2007 is an OS command injection vulnerability in PAN-OS management server. An authenticated user can potentially execute arbitrary commands with root privileges. Affected: PAN-OS 7.1 (all 7.1.x), PAN-OS 8.1.x before 8.1.14, and PAN-OS 9.0.x before 9.0.7. No additional exploit details or ...
PAN-OS: OS injection vulnerability in PAN-OS management server
An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
This exploits a command execution in Pi-Hole = 4.4. A new blocklist is added, and then an update is forced (gravity) to pull in the blocklist content. PHP content is then...
OS Command Injection
logkitty is vulnerable to OS Command Injection. The vulnerability exists as the variable adbPath is not sanitized and can reach execSync...
OS Command Injection
newsbeuter is vulnerable to OS Command Injection. Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure i.e., a...
Exploit for OS Command Injection in Docker
RunC-CVE-2019-5736 --- Video: https://bit.ly/2WqvIL...
TrixBox CE 2.8.0.4 Command Execution Exploit
This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpointdevicemap.php page. Successful exploitation allows for arbitrary command executi...
TP-Link NC260 and NC450 OS Command Injection Vulnerability
TP-Link NC260 and TP-Link NC450 are both webcams from China P&L TP-Link. An operating system command injection vulnerability exists in the httpSetEncryptKeyRpm method of the ipcamera binary in the TP-Link NC260 version 1.5.2 build 200304 and the NC450 version 1.5.3 build 200304. A remote attacke...
TrixBox CE 2.8.0.4 Command Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. This module exploits an authenticated OS command injection...
TrixBox CE endpoint_devicemap.php Authenticated Command Execution
This module exploits an authenticated OS command injection vulnerability found in Trixbox CE version 1.2.0 to 2.8.0.4 inclusive in the "network" POST parameter of the "/maint/modules/endpointcfg/endpointdevicemap.php" page. Successful exploitation allows for arbitrary command execution on the...
CVE-2020-7351
An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...
CVE-2020-7351
CVE-2020-7351 describes an authenticated OS command injection in Fonality Trixbox Community Edition, affecting the endpoint_devicemap.php component. The vulnerability allows execution of arbitrary OS commands as the user asterisk via the network POST parameter in /maint/modules/endpointcfg/endpoi...