9787 matches found
Cisco UCS Manager Software Operating System Command Injection Vulnerability
The Cisco UCS 6400 Series Fabric Interconnects is a 6400 series switching matrix device from Cisco USA. An operating system command injection vulnerability exists in the local management CLI in Cisco UCS Manager Software, which stems from the program's failure to perform sufficient input validati...
Debian: Security Advisory (DLA-2120-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2120-1] rake security update
Package: rake; Version: 10.3.2-2+deb8u1; CVE ID: CVE-2020-8130. There is an OS command injection vulnerability in Rake, a ruby make-like utility, 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. For Debian 8 "Jessie", this problem has been fixed in version...
OS Command Injection
rake is vulnerable to OS command injection. The vulnerability exists as it improperly handles the value of the command file name in Rake::FileList, allowing OS command injection when list.egrep is called with a malicious file name such as | touch evil.txt...
CVE-2019-3999
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
Command injection
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
CVE-2019-3999
CVE-2019-3999 affects Druva inSync Windows Client (notably versions around 6.5.0/6.5.2). A local, unauthenticated attacker can exploit improper neutralization of special elements in the inSyncCPHwnet64 RPC service (on TCP port 6064) to execute arbitrary OS commands with SYSTEM privileges, i.e., a...
CVE-2019-3999
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
OS Command Injection
compile-sass is vulnerable to OS command injection. Lack of validation and sanitization allows an attacker to inject and execute arbitrary OS commands within the rm command in the function setupCleanupOnExit(cssPath) in dist/index.js...
Ruby Rake OS Command Injection Vulnerability
Rake is a software task management and build automation tool. An operating system command injection vulnerability exists in Rake::FileList in Ruby Rake versions prior to 12.3.3. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc...
CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
Command injection
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-8130
CVE-2020-8130 is an OS command injection in Ruby Rake prior to 12.3.3, affecting the Rake::FileList handling of filenames starting with the pipe character |. Root cause: unsafe processing of external input in FileList leads to command execution. Impact: potential arbitrary OS commands if such fil...
Moxa AWK-3131A iw_webs DecryptScriptFile file name Command Injection Vulnerability
Summary: An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. A...
Moxa AWK-3131A Encrypted Diagnostic Script Command Injection Vulnerability
Summary: An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An...
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...
CVE-2020-8813
CVE-2020-8813 affects Cacti (notably up to version 1.2.8) and enables remote code execution. An authenticated guest user with the graph real-time privilege can trigger arbitrary OS commands via shell metacharacters in a cookie, impacting servers running Cacti. The available connected advisory con...
CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege...
CVE-2020-6841
D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter...