21 matches found
CVE-2019-25441
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...
CVE-2019-25441 thesystem 1.0 Command Injection via run_command endpoint
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...
CVE-2019-25441 thesystem 1.0 Command Injection via run_command endpoint
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on...
CVE-2024-44844
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function...
CVE-2024-12952 melMass comfy_mtb Dependency endpoint.py run_command code injection
A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Dependency Handler. The manipulation leads to code injection. The attack can be launched remotely. The...
CVE-2024-44844
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function...
CVE-2024-44844
CVE-2024-44844 affects DrayTek Vigor3900 v1.5.1.6. An authenticated command injection vulnerability exists in the run_command function through the name parameter, enabling arbitrary commands with low privileges required and no user interaction. Impact is high on confidentiality, integrity, and av...
CVE-2024-44844
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function...
Ansible: Improper shell escaping in ansible-runner
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...
EulerOS Virtualization for ARM 64 3.0.3.0 : git (EulerOS-SA-2019-2310)
According to the version of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH ...
Updated git packages fix security vulnerability
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. CVE-2018-19486...
Amazon Linux 2 : git (ALAS-2018-1136)
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017. CVE-2018-19486...
CVE-2018-19486
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...
CVE-2018-19486
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...
CVE-2018-19486
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...
Design/Logic Flaw
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...
CVE-2018-19486
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...
CVE-2018-19486
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...
CVE-2018-19486
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...
UBUNTU-CVE-2018-19486
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the run_command API and run-command.c, because there was a dangerous change from execvp to execv during 2017...