CVE-2020-11581

An issue was discovered in Pulse Secure Pulse Connect Secure PCS through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks against a client via shell...

OS Command Injection

node-key-sender is vulnerable to OS command injection. The vulnerability exists through the unsanitized value of arrParams used in exec...

OS Command Injection

effect is vulnerable to OS command injection. The vulnerability exists as it does not sanitize the value of cmd that used by exec...

OS Command Injection

install-package and umount are vulnerable to OS command injection. The vulnerabilities exists as the values of args were not sanitized when used in exec...

OS Command Injection

strong-nginx-controller is vulnerable to OS command injection. Lack of validation and sanitization of the action parameter allows an attacker to inject and execute arbitrary OS commands via the nginxCmd function...

OS Command Injection

jscover is vulnerable to OS Command Injection. The vulnerability exists as the source argument is not sanitized and can be controlled by users...

OS Command Injection

get-git-data is vulnerable to OS command injection. The vulnerability exists as the values of cmd is not sanitized...

CVE-2020-11490

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi certissuer, certdivision, certorganization, certlocality, certstate, certcountry, or certemail parameter...

CVE-2019-10392

Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

CVE-2019-14905

The CVE-2019-14905 issue affects Ansible Engine’s nxos_file_copy module, where the filename parameter could be crafted to inject OS commands on NXOS devices. This is a local attack with potential confidentiality, integrity, and availability impacts as described (loss of confidentiality, etc.). Af...

CVE-2019-14905

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxosfilecopy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS...

DLINK DWL-2600 Authenticated Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLINK DWL-2600 Authenticated Remote Command Injection', 'Description' = %q Some DLINK Access Points are vulnerable to an authenticated OS command...

Design/Logic Flaw

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...

CVE-2020-10789

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...

CVE-2020-10789

OpenITCOCKPIT prior to version 3.7.3 exposes a web-based terminal that can execute arbitrary OS commands due to mishandling of shell metacharacters in the su path (app/Lib/SudoMessageInterface.php). Affected product/component: OpenITCOCKPIT web UI; root cause: improper handling of shell metachara...