Keijiban Tsumiki vulnerable to OS command injection
Overview: Keijiban Tsumiki, provided by Mash room - Free CGI -, is a CGI that provides Bulletin Board System (BBS) functions. Keijiban Tsumiki contains an OS command injection vulnerability (CWE-78). During the meeting of the Committee for authorizing the disclosure of unresolved vulnerabilities held on Januar...
JVN#63834780: Shihonkanri Plus GOOUT vulnerable to OS command injection
Shihonkanri Plus GOOUT, provided by EKAKIN, is a CGI that allows data stored in Shihonkanri Plus to be viewed externally. Shihonkanri Plus GOOUT contains an OS command injection vulnerability (CWE-78). Impact: A remote attacker may execute an arbitrary OS command. Solution: Consider stopping use of Shihonkanri Plu...
JVN#88277644: Keijiban Tsumiki vulnerable to OS command injection
Keijiban Tsumiki, provided by Mash room - Free CGI -, is a CGI that provides Bulletin Board System (BBS) functions. Keijiban Tsumiki contains an OS command injection vulnerability (CWE-78). Impact: A remote attacker may execute an arbitrary OS command. Solution: Consider stopping use of Keijiban Tsumiki v1.15...
JVN#27951364: WL-Enq (WEB Enquete) vulnerable to OS command injection
WL-Enq (WEB Enquete), provided by WonderLink, is a CGI that provides web enquete (survey) functions. WL-Enq (WEB Enquete) contains an OS command injection vulnerability (CWE-78). Impact: A remote attacker may execute arbitrary OS commands with administrative privilege. Solution: Consider stopping use of WL-Enq 1.12 Sin...
CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character (|). Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
CVE-2019-16072
Affected product: NETSAS Enigma NMS (65.0.0 and earlier). Vulnerability: OS command injection in the discover_and_manage CGI script, caused by improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. Impact: attacker (authenticated) can execute arb...
Design/Logic Flaw
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open...
CVE-2020-10674
CVE-2020-10674 affects PerlSpeak up to version 2.01, where an attacker can execute arbitrary operating-system commands via Perl’s system call and a two-argument open. This is documented across multiple sources (NVD, Red Hat CVE entry, and related feeds). The Red Hat entry reiterates the same desc...
CVE-2020-10674
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open...
CVE-2019-18582
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...
SQL injection
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...
CVE-2019-18582
Dell EMC Data Protection Advisor (DPA) REST API versions 6.3/6.4/6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server-side template injection vulnerability. A remote authenticated attacker with admin privileges can inject scripts via the report generation feature, potentia...
CVE-2019-18581
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...
OS Command Injection
node-rules is vulnerable to OS command injection. The rules argument of fromJSON in node-rules.js is passed to the eval function without any validation or sanitization, allowing an attacker to inject and execute arbitrary OS commands...
OS Command Injection
docker-compose-remote-api is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via the serviceName parameter due to a lack of validation before it is passed to the exec function...
OS Command Injection
pulverizr is vulnerable to OS command injection. The vulnerability exists because the value of filename is improperly handled by lib/job.js...
Razer: 🐞 OS Command Injection at https://sea-web.gold.razer.com/lab/ws-lookup via IP parameter
The tester discovered a Razer Gold Thailand site that suffered from a service with a command injection vulnerability. Razer thanks the tester for his report and clear PoC. A real-world CTF-like challenge 😅. Burp Suite Collaborator Client was very helpful. Thanks @Razer for the bounty 🥳...
CVE-2020-10390
OS command injection in a vulnerable function in export.php, called from include/functions-article.php, in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve code execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php...
CVE-2020-10390
CVE-2020-10390 affects Chadha PHPKB Standard Multi-Language 9. The OS command injection exists in export.php (called from include/functions-article.php) allowing remote code execution by saving malicious code into the wkhtmltopdf path via admin/save-settings.php. This is documented across multipl...