9787 matches found
CVE-2020-7351 Fonality Trixbox CE Post-Authentication Command Injection
An OS Command Injection vulnerability in the endpointdevicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012...
CVE-2019-19220
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2)...
CVE-2019-19217
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection...
Command injection
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection...
Command injection
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2)...
CVE-2019-19217
CVE-2019-19217 affects BMC Control-M/Agent 7.0.00.000. Described in CNVD-2020-26845 and NVD entry as OS command injection via the TCP protocol used between Control-M/Agent and Control-M/Server; a remote attacker could submit a crafted request to execute arbitrary commands. No remediation details ...
CVE-2019-19220
CVE-2019-19220 affects BMC Control-M/Agent 7.0.00.000. Descriptions across sources indicate an OS command injection vulnerability (issue 2 of 2) in Control-M/Agent. CNVD-2020-26846 notes a remote-command injection risk when using TCP, enabling arbitrary OS command execution by a crafted request. ...
CVE-2016-11061
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the...
Command injection
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the...
CVE-2016-11061
Xerox WorkCentre devices (models 3655/3655i, 58XX/58XXi, 59XX/59XXi, 6655/6655i, 72XX/72XXi, 78XX/78XXi, 7970/7970i) affected before firmware 073.xxx.086.15410. The issue stems from improper escaping of parameters in support/remoteUI/configrui.php, allowing an unauthenticated attacker to execute ...
CVE-2020-12246
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter...
Command injection
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter...
CVE-2020-12246
Beeline Smart Box 2.0.38 is affected by CVE-2020-12246, an OS command injection in the Diagnostics page (Advanced settings > Other > Diagnostics) via the Ping (ping_ipaddr), Nslookup (nslookup_ipaddr), and Traceroute (traceroute_ipaddr) parameters. Public sources in the connected set (NVD, R...
CVE-2020-11941
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery...
CVE-2020-11941
Open-AudIT 3.2.2 contains multiple vulnerabilities. An authenticated attacker can exploit OS command injection in the Discovery module, which unsafely handles data[attributes][other][nmap][ssh_ports], enabling remote code execution (reverse shell) on the appliance, as demonstrated in the Core Securi...
OS Command Injection
git-promise is vulnerable to OS command injection. User input is not validated and sanitized before being passed to the git function and executed...