9787 matches found
CVE-2020-9027
CVE-2020-9027 affects ELTEX NTP-RG-1402G devices (1v10, 3.25.3.32) and the NTP-2 variant. The vulnerability enables OS command injection through the TRACE field of the resource ping.cmd, caused by insufficient input filtering during OS command construction. Impact is high/critical per NVD CVSS 3....
GHSA-C5R5-7PFH-6QG6 BibTeX-Ruby vulnerable to OS command injection
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
BibTeX-Ruby vulnerable to OS command injection
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
OS command injection in git-diff-apply
In the "index.js" file, line 240, the run command executes the git command with a user-controlled variable called remoteUrl. This affects all versions of git-diff-apply prior to 0.22.2...
Design/Logic Flaw
Gocloud S2AWL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the...
CVE-2020-8946
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/syslogclean.cgi log3gtype parameter...
Design/Logic Flaw
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/syslogclean.cgi log3gtype parameter...
CVE-2020-8947
CVE-2020-8947 affects Artica Pandora FMS 7.0. The vulnerability lets remote attackers execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view parameters ip_dst, dst_port, or src_port (functions_netflow.php). Root cause appears to be unsafely handling...
Command injection
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code...
EyesOfNetwork 5.3 - Remote Code Execution
Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Date: 2020-02-01 Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE : CVE-2020-8654, CVE-2020-8655, CVE-2020-8656...
Design/Logic Flaw
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...
CVE-2020-6760
CVE-2020-6760 affects the Schmid ZI 620 V400 VPN 090 router. The vulnerability allows an attacker to execute OS commands as root by submitting shell metacharacters to an entry on the SSH subcommand menu, demonstrated by an example like ping. This is a network-based injection risk, with the impact...
CVE-2020-6760
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...
Exploit for OS Command Injection in Microvirt Memu
CVEID: CVE-2019-14514 Name of the affected products and...
OS Command Injection
im-resize is vulnerable to OS command injection. Lack of validation allows an attacker to inject and execute arbitrary OS commands on the system using a malicious image path value...
OS Command Injection
network-manager is vulnerable to OS command injection. The vulnerability exists as the unsanitized value of index.process.env.NMCLI in linux/manager.js, used by getDevices in linux/manager.js, reaches child_process.execSync through runCommand...
Apache SpamAssassin Command Execution Vulnerability (CNVD-2020-07221)
Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides system administrators with a filter and support for categorizing email to block spam. An operating system command execution vulnerability exists in Apache SpamAssassin versions prior to 3.4.3. T...
OS Command Injection
listening-processes is susceptible to OS Command Injection. The vulnerability exists because it does not escape user-provided data that is passed along with the bash commands...
VulnCheck KEV: CVE-2019-7256
Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution...