CVE-2019-1010200
Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'. The impact is: Remote code execution with the same privileges as th...
CVE-2019-1010200
CVE-2019-1010200 affects Voice Builder components (two web servers exposing /tts and /alignment endpoints). Root cause: OS Command Injection due to improper neutralization of special elements in user-supplied input. Impact: remote code execution with the same privileges as the server. Attack vect...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x
Maven artifact groupId: org.sonatype.nexus.plugins artifactId: nexus-yum-repository-plugin version: 2.14.9-01 Vulnerability Vulnerability Description The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. All instances using CommandLineExecutor.java with user-supplied data is...
EulerOS 2.0 SP2 : libarchive (EulerOS-SA-2019-1725)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenEMR version 5.0.0 contains a Cross Site Scripting XSS vulnerability in open-flash-chart.swf and posteddata.php that can result in . This...
Ruby: OS Command Injection via egrep in Rake::FileList
When a file whose name is a command starting with | is in Rake::FileList, egrep will execute the command. How to reproduce PoC pocrake.rb is the following. ruby require 'rake' list = Rake::FileList.newDir.glob'' p list list.egrep/something/ Example of executing. % ls -1 Gemfile...
OS Command Injection
minimagick is vulnerable to OS command injection. The input to Image.open is passed directly to Kernel#open, which accepts the | character. This allows a remote attacker to inject arbitrary OS commands via a malicious image filename...
CVE-2019-11062
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...
Command injection
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...
CVE-2019-11062 SUNNET WMPro v5.0 and v5.1 has OS Command Injection
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...
CVE-2019-11062
The CVE-2019-11062 entry affects SUNNET WMPro v5.0 and v5.1 for the eLearning system. Affected component: the API endpoint /teach/course/doajaxfileupload.php, where OS Command Injection is possible. Root cause described as unauthenticated remote command execution on the target server. Impact is h...
PT-2019-12159 · Sunnet · Sunnet Wmpro
Name of the Vulnerable Software and Affected Versions: SUNNET WMPro versions 5.0 through 5.1 Description: The issue concerns an OS Command Injection vulnerability. It can be exploited via the "/teach/course/doajaxfileupload.php" API endpoint without requiring authentication. Recommendations: For...
CVE-2019-0330
The OS Command Plugin in the transaction GPAADMIN and the OSCommand Console of SAP Diagnostic Agent LM-Service, version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
Code injection
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
Command injection
The OS Command Plugin in the transaction GPAADMIN and the OSCommand Console of SAP Diagnostic Agent LM-Service, version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
CVE-2019-0330
The CVE-2019-0330 issue affects SAP Diagnostics Agent (LM-Service) version 7.2, specifically the OS Command Plugin in GPA_ADMIN and the OSCommand Console. Root cause: insufficient input sanitization leading to OS command injection. Impact: attacker could inject commands and potentially control th...
CVE-2019-0328
CVE-2019-0328 affects SAP NetWeaver Process Integration’s ABAP Tests Modules across SAP Basis versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5. The root cause is improper handling when constructing external OS commands from input data, allowing an attacker to execute OS commands with privileged rights. Con...
OS Command Injection
kill-port is vulnerable to OS command injection. An attacker is able to inject arbitrary OS commands due to the usage of exec function, if the attacker is able to control the port...
SAP Diagnostics Agent CVE-2019-0330 OS Command Injection Vulnerability
Description SAP Diagnostics Agent is prone to an OS command-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attack...