9787 matches found
OS Command Injection
centreon/centreon is vulnerable to OS command injection. Lack of sanitization allows an attacker to inject and execute arbitrary OS commands on the system in minPlayCommand.php...
JVN#95875796: Multiple OS command injection vulnerabilities in DBA-1510P
DBA-1510P provided by D-Link Japan K.K. contains multiple OS command injection vulnerabilities listed below. OS command injection vulnerability in Command Line Interface (CLI) (CWE-78) - CVE-2019-6013

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score...

OS Command Injection
patch is vulnerable to OS command injection. An attacker is able to execute arbitrary OS commands through patch using a malicious patch file containing an ed-style diff payload with shell metacharacters...
Exploit for OS Command Injection in Jenkins Git_Client
CVE-2019-10392EXP Jenkins Git Client Authenticated RCE CVE-20...
Exploit for OS Command Injection in Sonatype Nexus_Repository_Manager
CVE-2019-5475-Nexus-Repository-Manager- Payload PUT /...
EulerOS 2.0 SP3 : libarchive (EulerOS-SA-2019-2014)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An error in the lha_read_file_header_1 function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an...
OS Command Injection
gitlabhook is vulnerable to OS Command Injection. The vulnerability exists as it does not sanitize the values of the user input passed into execFile...
CVE-2019-16293
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field...
CVE-2019-10392
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
Command injection
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection...
CVE-2019-10392
CVE-2019-10392 affects Jenkins Git Client Plugin (versions ≤2.8.4 and 3.0.0-rc): improper restriction of values passed to git ls-remote enables OS command injection. Exploitation details are present in a public exploit repository (GitHub). NVD CVSSv3.1 base score 8.8 (HIGH). Connected advisories ...
PT-2019-11786 · Jenkins · Jenkins Git Client Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Client Plugin versions 2.8.4 and earlier Jenkins Git Client Plugin version 3.0.0-rc Description: The issue results from improper restriction of values passed as URL arguments to an invocation of git ls-remote, leading to OS comman...
OS Command Injection in Nexus Yum Repository Plugin
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability...
OS Command Injection
LibreNMS is vulnerable to OS command injection. It does not properly validate the user input via the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php, allowing an attacker to inject any RRDtool commands such as cd and ls via the html/graph.php script...
OS Command Injection
librenms/librenms is vulnerable to OS command injection. A remote attacker is able to inject arbitrary OS commands through the RRDtool via the graphtitle parameter...
OS Command Injection
librenms/librenms is vulnerable to OS command injection. User-supplied parameters that are sanitized with the mysqli_escape_real_string function are not validated for various command line syntactical characters such as the backtick character, allowing an attacker to inject arbitrary OS...
Enigma NMS 65.0.0 - OS Command Injection Exploit
Exploit for multiple platform in category web applications. #!/usr/bin/python Exploit Title: Enigma NMS OS Command Injection NETSAS Pty Ltd Enigma NMS Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor...
Enigma NMS 65.0.0 OS Command Injection
#!/usr/bin/python Exploit Title: Enigma NMS OS Command Injection NETSAS Pty Ltd Enigma NMS Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software...