Lucene search
1218 matches found

RedhatCVE
added 2025/05/22 9:06 p.m., 10 views

CVE-2021-33885

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of...

10 CVSS, 7.3 AI score, 0.0558 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 6:50 p.m., 4 views

CVE-2021-41738

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands...

8.8 CVSS, 7.5 AI score, 0.01712 EPSS
Exploits: 0

RedhatCVE
added 2025/05/22 4:36 p.m., 4 views

CVE-2020-29390

Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character...

10 CVSS, 7.7 AI score, 0.36672 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 10:32 a.m., 8 views

CVE-2019-14514

An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup; this is unrelated to Red Hat's systemd init program, and is a closed-source proprietar...

10 CVSS, 7.8 AI score, 0.07009 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 8:12 a.m., 10 views

CVE-2019-15708

A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...

7.2 CVSS, 7.7 AI score, 0.00624 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:44 a.m., 7 views

CVE-2019-16733

processCommandSetUid in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...

10 CVSS, 8.2 AI score, 0.03645 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 4:43 a.m., 5 views

CVE-2019-17270

Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers disclos...

10 CVSS, 7.2 AI score, 0.58879 EPSS
Exploits: 3, References: 1

RedhatCVE
added 2025/05/22 3:47 a.m., 3 views

CVE-2012-3501

The squidclamavcheckpreviewhandler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %...

5 CVSS, 7 AI score, 0.03333 EPSS
Exploits: 1, References: 1

CNNVD
added 2025/05/21 12:00 a.m., 2 views

Cisco Unified Communications Security Vulnerability

Cisco Unified Communications is an enterprise call control and session management platform from Cisco USA that connects people anywhere using any device. A security vulnerability exists in Cisco Unified Communications that stems from excessive system command privileges, which could lead to elevat...

5.1 CVSS, 6.6 AI score, 0.00123 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2025/05/13 1:58 p.m., 3 views

xterm: code execution via OSC 50 input sequences

A flaw was found in xterm. This issue may allow code execution via font ops...

9.8 CVSS, 6.1 AI score, 0.04949 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/05/07 12:00 a.m., 4 views

F5 iControl REST and F5 BIG-IP TMOS Shell Command Injection Vulnerability

F5 iControl REST and F5 BIG-IP TMOS Shell are both products of F5 Corporation, U.S.A. F5 iControl REST is a development framework, and F5 BIG-IP TMOS Shell is a command line. A command injection vulnerability exists in F5 iControl REST and F5 BIG-IP TMOS Shell that stems from command injection an...

8.7 CVSS, 8.9 AI score, 0.24729 EPSS
Exploits: 1, References: 2

CNNVD
added 2025/04/19 12:00 a.m., 3 views

CicadasCMS Command Injection Vulnerability

CicadasCMS is a content management framework based on SpringBoot Mybatis SpringSecurity Vue developed by westboy individual developer in China. A command injection vulnerability exists in CicadasCMS version 2.0, which stems from an os command injection issue in the schedule component of file...

7.2 CVSS, 5.5 AI score, 0.05884 EPSS
Exploits: 1, References: 4

ATTACKERKB
added 2025/04/17 5:15 p.m., 1 view

CVE-2025-2947

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system...

9.8 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2025/04/17 5:15 p.m., 1 view

CVE-2025-2947

IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system...

9.8 CVSS, 5.8 AI score, 0.00355 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/04/15 3:19 a.m., 34 views

Security Bulletin: Multiple vulnerabilities in XCC affect Cloud Pak System

Summary Multiple vulnerabilities in XCC affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-8281 DESCRIPTION: Lenovo XClarity Controller could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an input validation weakness. An attacker could...

7.2 CVSS, 7.9 AI score, 0.01099 EPSS
Exploits: 0, Affected Software: 1

Exploit DB
added 2025/04/11 12:00 a.m., 139 views

ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)

Exploit title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution RCE Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building Controller...

10 CVSS, 9 AI score, 0.04185 EPSS
Exploits: 18

CNNVD
added 2025/04/09 12:00 a.m., 2 views

Inaba Denki Sangyo Wi-Fi AP UNIT OS Command Injection Vulnerability

The Inaba Denki Sangyo Wi-Fi AP UNIT is a Wi-Fi AP unit from Inaba Denki Sangyo, a Japanese company. An operating system command injection vulnerability exists in Inaba Denki Sangyo Wi-Fi AP UNIT v2.0.03P and prior versions, which stems from a service-specific operating system command injection...

9.8 CVSS, 9.6 AI score, 0.00946 EPSS
Exploits: 0, References: 2

CNNVD
added 2025/04/08 12:00 a.m., 3 views

Fortinet FortiIsolator OS Command Injection Vulnerability

Fortinet FortiIsolator is a Fortinet application that provides remote security isolation capabilities for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects critical business data from sophisticated threats on the Web...

7.2 CVSS, 7.5 AI score, 0.01073 EPSS
Exploits: 0, References: 3

GithubExploit
added 2025/03/30 1:33 p.m., 165 views

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878 GibbonEdu Arbitrary File Write to Web Shell...

9.8 CVSS, 9.9 AI score, 0.63113 EPSS
Exploits: 8

ATTACKERKB
added 2025/03/28 3:15 a.m., 3 views

CVE-2025-24377

Dell Unity, versions 5.4 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges...

7.8 CVSS, 6 AI score, 0.00507 EPSS
Exploits: 0, References: 2