1227 matches found
CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
CVE-2020-29390
Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...
TotoLink A850r-v1 安全漏洞
TOTOLINK A850R-V1 is a wireless dual-band router.TOTOLINK A850R-V1 version 1.0.1-B20150707.1612 and F1-V2 version 1.1-B20150708.1646 contain a security vulnerability that could be exploited by attackers to execute remote code via the formSysCmd sysCmd parameter in the management interface to...
VulnCheck KEV: CVE-2018-13023
System command injection vulnerability in wifiaccess in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter...
CVE-2020-2276
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...
CVE-2020-2276
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...
CVE-2020-2276
CVE-2020-2276 affects the Jenkins Selection tasks Plugin (version 1.0 and earlier). The issue allows attackers with Job/Configure permission to run an arbitrary system command on the Jenkins controller by executing a user-specified program, effectively substituting the OS user that the Jenkins pr...
CVE-2020-15692
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system...
Command injection
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway SMG. Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syst...
CVE-2020-11852
CVE-2020-11852 is a command-injection vulnerability in Micro Focus Secure Messaging Gateway (SMG) affecting the DKIM key management page. The issue allows a logged-in user with rights to generate DKIM key information to inject system commands into the DKIM system command call. Affected are SMG Ap...
CVE-2020-7352
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...
CVE-2020-7356 Cayin xPost SQL Injection
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinderseqid' in wayfindermeetinginput.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injectin...
CVE-2020-7352 GOG Galaxy GalaxyClientService Privilege Escalation
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...
Eaton Intelligent Power Manager system_srv Command Injection (CVE-2020-6651)
A command injection vulnerability exists in Eaton Intelligent Power Manager. The vulnerability is due to a lack of validation of a user-supplied string in requests handled by systemsrv.js before using it to execute a system command...
Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution
Summary CAYIN xPost is the web-based application software, which offers a combination of essential tools to create rich contents for digital signage in different vertical markets. It provides an easy-to-use platform for instant data entry and further extends the usage of CAYIN SMP players to meet...
IBM Security Guardium OS Command Injection Vulnerability (CNVD-2020-32648)
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium suffers from an operating system command injecti...
PT-2020-15410 · Jenkins · Jenkins Selenium Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Selenium Plugin versions 3.141.59 and earlier Description: The issue concerns a lack of CSRF protection for HTTP endpoints in the Jenkins Selenium Plugin, allowing attackers to perform administrative actions. Specifically, this enable...
Cisco Firepower Threat Defense Software Shell Access Vulnerability
A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature...
Fedora 30 : php (2020-96cb012029)
PHP version 7.3.17 16 Apr 2020 Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curlcopyhandle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...
NETGEAR D3600, D6000 and XR500 OS Command Injection Vulnerability (CNVD-2020-27256)
NETGEAR XR500 and others are products of NETGEAR Corporation.NETGEAR XR500 is a wireless router.NETGEAR D3600 is a wireless modem.NETGEAR D6000 is a wireless modem.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless...