1227 matches found
CVE-2021-27102
Accellion FTA 912411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA912416 and later...
Accellion FTA 操作系统命令注入漏洞
Accellion File Transfer Appliance FTA is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912411 and earlier versions. The vulnerability can be exploited to execute...
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
Nagios XI 安全漏洞
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php in Nagio...
DELL EMC PowerScale 操作系统命令注入漏洞
Dell EMC PowerScale OneFS is an API-powered file system. An OS command injection vulnerability exists in Dell EMC PowerScale OneFS 8.1.0 - 9.1.0. An attacker with the ISIPRIVCLUSTER privilege could exploit this vulnerability to execute arbitrary OS commands on the underlying OS of an application...
CVE-2021-3122
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: th...
Command execution vulnerability exists in SEACMS (CNVD-2021-15533)
SEACMS is a video-on-demand system designed for webmasters with different needs. A command execution vulnerability exists in SEACMS. An attacker can exploit this vulnerability to inject malicious code, execute system commands, and obtain system privileges...
Multiple Cisco Products OS Command Injection Vulnerabilities
The Cisco Small Business RV Series Routers is an RV series router from Cisco. An operating system command injection vulnerability exists in the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers, which can be exploited by an authenticated, remote attacker to inject arbitra...
LOGITEC CORPORATION LAN-W300N/PGRB Operating System Command Injection Vulnerability
LOGITEC CORPORATION LAN-W300N/PGRB is a wireless router device. LOGITEC CORPORATION LAN-W300N/PGRB is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary OS commands via unspecified vectors...
OS command injection vulnerability in multiple Infoscience Corporation log management tools
Overview Infoscience Corporation's multiple log management tools provide an FTP upload function as one of the log collection methods, and is able to set to allow the adminitrators to accept FTP uploads. In a situation where the FTP upload function is enabled and there is a flaw of input value...
VulnCheck KEV: CVE-2020-8283
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...
VulnCheck KEV: CVE-2020-8269
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...
北京坤豆 Mubu 授权问题漏洞
Mubu is a platform for online writing from Mubu, a company based in Beijing, China. An authorization issue vulnerability exists in Mubu version 2.2.1, which stems from its failure to strictly limit user privileges and can be exploited by a local attacker to execute system commands...
TP-Link TL-WR840N OS Command Injection Vulnerability
The TP-LINK TL-WR840N is a wireless router with a channel count of 13 and VPN support. An OS command injection vulnerability exists in oaliptaddBridgeIsolationRules in TP-Link TL-WR840N 6EU0.9.14.16. The vulnerability stems from raw strings entered from the web interface being used to call system...
KLog Server OS Command Injection Vulnerability
KLog is ZhaoKaiQiang KLog individual developers of a logging tool for Android development . The tool's main functions are to print line numbers, function calls, Json parsing, XML parsing, click to jump, Log information saved and other functions. KLog Server 2.4.1 suffers from an OS command...
The vulnerability of the Ansible configuration management system lies in its lack of mechanisms to neutralize special elements used in operating system commands. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the Ansible configuration management system is related to the lack of measures to neutralize special elements used in the OS command. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...
CVE-2020-25757
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17...
CVE-2020-25757
CVE-2020-25757 affects D-Link DSR-series VPN routers (DSR-150, DSR-250, DSR-500, DSR-1000AC) running firmware 3.14 and 3.17. The root cause is inadequate input validation and access controls in Lua CGI handlers, allowing user-supplied data to reach system command APIs (os.popen) and enabling arbi...
CVE-2020-5639
Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed...
Command Execution Vulnerability in the ad***_ip***.php File in SeaCMS-v10.9 (SeaCMS)
Ocean CMS, also known as SeaCMS, using php + mysql development, completely open source and free of charge, adaptive to computers, cell phones, tablets, APP multi-terminal, no encryption, more secure, is a very good tool to build the station! Ocean CMS-v10.9 SeaCMS adip.php file has a command...