9787 matches found
CVE-2019-12929
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU'...
CVE-2019-12929
Summary: CVE-2019-12929 affects QEMU 4.0.0 and earlier, specifically the QMP guest_exec command. The vulnerability is OS command injection via a crafted QMP command sent to the listening server, which could lead to code execution, denial of service, or information disclosure. Some sources note th...
CVE-2019-12928
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a...
CVE-2019-12928
CVE-2019-12928 affects QEMU's QMP migrate command in versions 4.0.0 and earlier. A crafted QMP command sent to the listening server can lead to OS command injection, enabling code execution, denial of service, or information disclosure. Public sources describe this as a remote vulnerability over ...
CVE-2018-16117
Sophos XG firewall Admin Portal (17.0.8 MR-8) contains a shell escape vulnerability in /webconsole/Controller where the POST parameter dbName can be tainted with shell metacharacters. An authenticated remote attacker can execute arbitrary OS commands on the device. The CVE is CVE-2018-16117; CV...
Command injection
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...
CVE-2018-18852
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018...
CVE-2018-18852
Cerio DT-300N devices, version 1.1.6–1.1.12, are affected by an OS command injection due to improper input validation in the web-interface PING feature (Save.cgi). The issue allows execution of arbitrary commands on the device; exploitation was observed in the wild in October 2018. CVSS details p...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in @apollo/gateway...
VulnCheck KEV: CVE-2018-14933
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
Command injection
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection...
CVE-2019-9156
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection...
CVE-2019-9156
Gemalto DS3 Authentication Server (Ezio/DS3) before version 3.1.0 is vulnerable to OS command injection (CVE-2019-9156). The SEC Consult advisory describes multiple vulnerabilities in Ezio/DS3, with the fixed release being Ezio DS3 server v3.1.0. Impact details per sources indicate command execut...
CVE-2019-12735
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim...
CVE-2019-12735
CVE-2019-12735 affects Vim and the Neovim fork, where the ":source!" command was not filtered inside a sandbox, enabling shell command execution via a crafted file opened in Vim/Neovim. Connected documents confirm affected products include vim (and Neovim) across multiple distributions (Debian, C...
Geutebrück G-Cam and G-Code
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Geutebrück Equipment: G-Cam and G-Code Vulnerabilities: Cross-site Scripting, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code...
NVIDIA GeForce Experience OS Command Injection CVE-2019-5678
The post NVIDIA GeForce Experience OS Command Injection CVE-2019-5678 appeared first on Rhino Security Labs...