1221 matches found
CVE-2023-36922
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
Design/Logic Flaw
Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common default extension. On successful exploitation, the attacker can read or...
CVE-2023-36922
The CVE-2023-36922 entry concerns SAP ECC/SAP S/4HANA IS-OIL with a programming error in the function module and report that permits an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter of a common extension. Exploitation can allow reading/modify...
Apache Kylin vulnerable to remote code execution
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...
Command injection
An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands...
CVE-2023-3313
An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose of privilege escalation or to execute arbitrary commands...
CVE-2023-36143
Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device...
The vulnerability of the software for processing, transforming, and generating documents using Ghostscript exists due to the lack of measures taken to eliminate the special elements used in the operating system command. This allows a perpetrator to execute arbitrary code.
The vulnerability of the software for processing, transforming, and generating Ghostscript documents exists because measures are not taken to eliminate the special elements used in the operating system command. Exploiting this vulnerability allows an attacker to execute arbitrary code by using th...
Amazon Linux 2023 : cups-filters, cups-filters-devel, cups-filters-libs (ALAS2023-2023-223)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-223 advisory. A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution. CVE-2023-24805 Tenable has...
Ubuntu 16.04 ESM : cups-filters vulnerability (USN-6083-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6083-2 advisory. USN-6083-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding...
CVE-2022-48472
A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, BiSheng-WNM FW 2.0.0.211...
CVE-2022-48472
CVE-2022-48472 concerns a system command injection in Huawei’s BiSheng-WNM printer line. Affected firmware/versions include OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW 3.0.0.325, and BiSheng-WNM FW 2.0.0.211. The vulnerability enables remote code execution via a crafted system command, as descr...
PT-2023-15805 · Unknown · Bisheng-Wnm Fw
Name of the Vulnerable Software and Affected Versions: BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta through BiSheng-WNM FW 3.0.0.325. Description: A system command injection issue allows for remote code execution upon successful exploitation. Recommendations: For BiSheng-WNM versions...
Huawei BiSheng-WNM OS command injection vulnerability
Huawei BiSheng-WNM is a printer from Huawei, a Chinese company. A security vulnerability exists in the Huawei printer that stems from the presence of a system command injection vulnerability. Affected products and versions: Huawei BiSheng-WNM OTA-BiSheng-FW-2.0.0.211-beta, BiSheng-WNM FW versi...
LabCollector code issue vulnerability
LabCollector is an all-in-one laboratory management platform from LabCollector, Inc. A security vulnerability exists in LabCollector versions 6.0 through 6.15. An attacker can exploit the vulnerability to upload executable PHP files and execute system commands...
PT-2023-3349 · Fortinet · Fortiadc
Name of the Vulnerable Software and Affected Versions: FortiADC versions 6.0 through 7.1.0. Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow a local and authenticated attacker to execute unauthorized commands via specificall...
PT-2023-3350 · Fortinet · Fortiadcmanager +1
Name of the Vulnerable Software and Affected Versions: FortiADC Manager versions prior to 7.1.0; FortiADC versions 7.0.0 through 7.1.2; FortiADC version 7.2.0. Description: The issue is related to the improper neutralization of special elements used in an operating system command, which can be...
KylinSoft kylin-software-properties OS command injection vulnerability
KylinSoft kylin-software-properties is an application from KylinSoft China. An OS command injection vulnerability exists in KylinSoft kylin-software-properties versions prior to 0.0.1-130. An attacker could exploit this vulnerability to perform OS command injection attacks...