
9787 matches found

OSV
added 2020/03/11 11:15 p.m., 3 views

CVE-2019-5175

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...

7.8 CVSS, 5.8 AI score, 0.01358 EPSS
Exploits 1, References 1

Veracode
added 2020/03/11 6:43 a.m., 5 views

OS Command Injection

blamer is vulnerable to OS command injection. User input is not validated and sanitized before being passed into the exec function, allowing an attacker to inject and execute arbitrary OS commands...

9.8 CVSS, 7.7 AI score, 0.0242 EPSS
Exploits 1, References 3, Affected Software 1

CNVD
added 2020/03/10 12:0 a.m., 2 views

CloudBees Jenkins CryptoMove OS Command Injection Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. CryptoMove is used in which a secret key...

9 CVSS, 7.8 AI score, 0.02003 EPSS
Exploits 0, References 1

OpenVAS
added 2020/03/10 12:0 a.m., 48 views

rConfig < 3.9.5 Multiple Vulnerabilities

rConfig is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation;...

9 CVSS, 9.3 AI score, 0.36754 EPSS
Exploits 6, References 5

CVE
added 2020/03/09 6:55 p.m., 59 views

CVE-2020-10250

BWA DiREX‑Pro 1.2181 devices are affected by CVE-2020-10250: remote attackers can execute arbitrary OS commands through shell metacharacters in the PKG parameter to uninstall.php3. Root cause is unsafely handling the PKG input, enabling command injection. Documented impact is remote code executio...

10 CVSS, 9.8 AI score, 0.02629 EPSS
Exploits 1, References 1, Affected Software 1

OSV
added 2020/03/09 4:15 p.m., 12 views

CVE-2020-2159

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins...

8.8 CVSS, 7.6 AI score
Exploits 0, References 2

NVD
added 2020/03/09 4:15 p.m., 29 views

CVE-2020-2159

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins...

9 CVSS, 9 AI score, 0.02003 EPSS
Exploits 0, References 2

Prion
added 2020/03/09 4:15 p.m., 14 views

Design/Logic Flaw

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins...

9 CVSS, 9 AI score, 0.02003 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2020/03/09 3:1 p.m., 73 views

CVE-2020-2159

CVE-2020-2159 affects Jenkins CryptoMove Plugin versions 0.1.33 and earlier. The vulnerability arises because the CryptoMove plugin allows configuration of an OS command to execute as part of a build step, which will run on the Jenkins controller as the OS user running Jenkins. An attacker with J...

9 CVSS, 9 AI score, 0.02003 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/03/09 3:1 p.m., 30 views

CVE-2020-2159

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins...

9.1 AI score, 0.02003 EPSS
Exploits 0, References 2

Prion
added 2020/03/09 1:15 a.m., 13 views

Command injection

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter...

9 CVSS, 7.8 AI score, 0.68525 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2020/03/09 12:55 a.m., 23 views

CVE-2016-11021

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter...

7.2 AI score, 0.68525 EPSS
Exploits 1, References 1

CVE
added 2020/03/09 12:55 a.m., 1013 views

CVE-2016-11021

The CVE-2016-11021 entry concerns D-Link DCS-930L devices with version 2.12 and earlier. The vulnerability arises from a flaw in the setSystemCommand handling, allowing a remote attacker to execute arbitrary OS commands via the SystemCommand parameter. The Red Hat, CISA KEV, CVE records and PT-Se...

9 CVSS, 7.2 AI score, 0.68525 EPSS
In wild, Exploits 1, References 2, Affected Software 1

ATTACKERKB
added 2020/03/09 12:0 a.m., 33 views

CVE-2016-11021

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. Recent assessments: Assessed Attacker Value: 0...

9 CVSS, 7.2 AI score, 0.68525 EPSS
In wild, Exploits 1, References 2

Talos
added 2020/03/09 12:0 a.m., 67 views

WAGO PFC200 Cloud Connectivity Multiple Command Injection Vulnerabilities

Summary An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. Tested Versions WAGO PFC200 Firmware version 03.02.0214 WAGO...

9 CVSS, 7.4 AI score, 0.04614 EPSS
Exploits 1

Cvelist
added 2020/03/08 9:3 p.m., 17 views

CVE-2020-10221

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter...

9 AI score, 0.36754 EPSS
Exploits 5, References 4

Vulnrichment
added 2020/03/08 9:3 p.m., 8 views

CVE-2020-10221

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter...

9 AI score, 0.36754 EPSS
Exploits 5, References 4

OSV
added 2020/03/06 4:13 p.m., 7 views

MGASA-2020-0121 Updated ruby-rake packages fix security vulnerability

Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character (CVE-2020-8130)...

6.9 CVSS, 6.8 AI score, 0.01415 EPSS
Exploits 1, References 3

Mageia
added 2020/03/06 4:13 p.m., 30 views

Updated ruby-rake packages fix security vulnerability

Updated ruby-rake package fixes security vulnerability: There is an OS command injection vulnerability in Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character (CVE-2020-8130)...

6.9 CVSS, 2.8 AI score, 0.01415 EPSS
Exploits 1, References 2

NVD
added 2020/03/05 3:15 p.m., 11 views

CVE-2019-20500

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...

7.8 CVSS, 7.8 AI score, 0.95803 EPSS
Exploits 3, References 3