1227 matches found
The vulnerability of the libsal.so file in Zyxel GS1900 series switch software allows a hacker to execute arbitrary commands.
The vulnerability of the libsal.so file in Zyxel GS1900 series switch software lies in the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows an attacker to execute arbitrary OS commands through the graphical interface...
jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution
An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...
Jenkins Pipeline: Multibranch Plugin 操作系统命令注入漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Pipeline:...
CVE-2022-23340
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results...
Joplin 代码问题漏洞
Joplin is an open source notes and to-do list application. A code issue vulnerability exists in Joplin, which arises from a product that allows execution of system commands via malicious code in user search results. The following products and versions are affected: Joplin version 2.6.10...
CVE-2021-29393
The CVE-2021-29393 entry concerns Northstar Club Management 6.3. Affected component: web interfaces cominput.jsp and comoutput.jsp. Root cause: unsanitized user-controlled parameters command and commandvalues enable an OS command injection, allowing remote unauthenticated users to inject and exec...
CVE-2021-40410
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...
gegl: shell expansion via a crafted pathname
Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...
Security Bulletin: IBM FileNet Content Manager Operating System command injection security vulnerability
Summary FileNet Content Manager component Administration Console for Content Platform Engine ACCE user Operating System command injection security vulnerability Vulnerability Details CVEID: CVE-2021-38965 DESCRIPTION: IBM FileNet Content Manager could allow a remote authenticated attacker to...
Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04975)
The Lantronix PremierWave 2050 is an embedded Wi-Fi module manufactured by Lantronix. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution in the "EC keypasswd" parameter wit...
SAP NetWeaver AS 操作系统命令注入漏洞
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but is also the basic platform for SAP software. SAP NetWeaver AS ABAP suffers from an operating system command injection vulnerability that originates from allowing an attacker with elevated...
PT-2021-15419
Name of the Vulnerable Software and Affected Versions Atlassian Confluence versions prior to 7.4.11 Atlassian Confluence versions 7.3.0 through 7.3.6 Atlassian Confluence versions 7.0.0 through 7.0.14 Atlassian Confluence versions 6.13.0 through 6.15.9 Description The issue allows authenticated...
Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04980)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...
Lantronix PremierWave 2050 OS Command Injection Vulnerability
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...
PT-2021-22546
Name of the Vulnerable Software and Affected Versions: ohmyzsh affected versions not specified Description: The issue concerns Improper Neutralization of Special Elements used in an OS Command. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
VulnCheck KEV: CVE-2016-11021
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command...
Open Game Panel 操作系统命令注入漏洞
Open Game Panel is an open source game server control panel. It uses a web interface PHP/MySQL to control the agent Perl running on the server hosting the game. It is used to start/stop/monitor game server instances. A security vulnerability exists in Open Game Panel OGP-Agent-Linux, which stems...
Microsoft OMI Management Interface Authentication Bypass
By removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. Module Options msf use...
Microsoft OMI Management Interface Authentication Bypass Exploit
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...
CVE-2021-22037
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path...