9787 matches found
Node.js third-party modules: OS Command Injection on Jison [all-parser-ports]
I would like to report an OS Command Injection vulnerability on Jison in parser ports (CSharp, PHP). It allows arbitrary OS shell command execution through a crafted command-line argument. Basic Information Module: jison Version: 0.4.18 NPM Project Page: https://www.npmjs.com/package/jison Module...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475)
OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475) Maven artifact groupId: org.sonatype.nexus.plugins artifactId: nexus-yum-repository-plugin version: 2.14.14-01 Vulnerability Vulnerability Description The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. A...
CVE-2019-11364
CVE-2019-11364 describes an OS command injection in Snare Central prior to 7.4.5. The vulnerability allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. Affected product is Snare Central; root cause is uns...
CVE-2019-15503
cgi-cpn/xcoding/prontusvideocut.cgi in AltaVoz Prontus aka ProntusCMS through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter...
CVE-2019-15503
The CVE-2019-15503 in AltaVoz Prontus (ProntusCMS) up to version 12.0.3.0 is tied to an Improper Neutralization of Special Elements used in an OS Command (command injection) in cgi-cpn/xcoding/prontus_videocut.cgi. It allows an attacker to execute OS commands via an HTTP GET parameter, enabling r...
Exploit for OS Command Injection in Fusionpbx
CVE-2019-15029 The official exploit code for FusionPBX v4.4.8...
Design/Logic Flaw
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh...
CVE-2019-15498
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh...
Design/Logic Flaw
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitmentonline/personalData/actpersonaltab.cfm multiple-part POST request with a predictable WRC01USERID...
CVE-2019-15130
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitmentonline/personalData/actpersonaltab.cfm multiple-part POST request with a predictable WRC01USERID...
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell #!/usr/bin/python Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection Date: 29 June 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage:...
MicroDigital N-series cameras Operating System Command Injection Vulnerability
MicroDigital N-series cameras are N-series network cameras from MicroDigital Korea. An operating system command injection vulnerability exists in MicroDigital N-series cameras. An attacker can exploit this vulnerability to execute illegal operating system commands...
CVE-2019-14699
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server...
Command injection
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filename parameter for remote code execution as root. This occurs in the Mainproc executable file, which can be run from the HTTPD web server...
CVE-2019-14699
CVE-2019-14699 affects MicroDigital N-series network cameras with firmware up to 6400.0.8.5. The vulnerability lies in the filename parameter processed by the Mainproc executable, which can be invoked via the HTTPD web server and is susceptible to OS command injection. Successful exploitation yie...
CVE-2019-14260
CVE-2019-14260 affects the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP, firmware 1.50.13. The vulnerability is a command injection in the Change Password interface’s password-change field, allowing an authenticated remote attacker on the same network to trigger OS commands v...
Prima Systems FlexAir
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Prima Systems Equipment: FlexAir Vulnerabilities: OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site...
CVE-2019-1010200
Voice Builder prior to commits c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote code execution with the same privileges as th...