Lucene search

1222 matches found

CNNVD
added 2023/06/05 12:0 a.m. | 4 views

KylinSoft kylin-software-properties OS command injection vulnerability

KylinSoft kylin-software-properties is an application from KylinSoft China. An OS command injection vulnerability exists in KylinSoft kylin-software-properties versions prior to 0.0.1-130. An attacker could exploit this vulnerability to perform os command injection attacks...

7.8 CVSS | 6.3 AI score | 0.0213 EPSS
Exploits 1 | References 4

Prion
added 2023/06/02 11:15 a.m. | 12 views

Command injection

Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...

5.8 CVSS | 7.4 AI score | 0.01281 EPSS
Exploits 0 | References 1

Cvelist
added 2023/06/02 12:0 a.m. | 20 views

CVE-2022-47616 Hitron Technologies Inc. CODA-5310 - Remote Command Execution

Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...

7.2 CVSS | 7.7 AI score | 0.01281 EPSS
Exploits 0 | References 1

Cvelist
added 2023/05/30 4:21 p.m. | 18 views

CVE-2022-46361 Physical access to the WDM enables use of USB device to gain access to the WDM

An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...

6.9 CVSS | 7.1 AI score | 0.00288 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/05/24 6:0 p.m. | 4 views

CVE-2023-2868 Remote Code injection in Barracuda Email Security Gateway

A remote command injection vulnerability exists in the Barracuda Email Security Gateway appliance form factor only product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file tape archives. The vulnerability ste...

9.4 CVSS | 7.5 AI score | 0.86956 EPSS
Exploits 3 | References 2

Prion
added 2023/05/17 6:15 p.m. | 18 views

Input validation

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler beh to create an accessible network printer, this security vulnerability can cause remote code execution. beh.c...

6.5 CVSS | 8.8 AI score | 0.03697 EPSS
Exploits 1 | References 7 | Affected Software 3

CNNVD
added 2023/05/15 12:0 a.m. | 4 views

OS command injection vulnerability in multiple WAGO products

WAGO PFC100 is a programmable logic controller (PLC). WAGO Compact Controller CC100 is a compact controller. WAGO Edge Controller is an edge controller. WAGO Compact Controller CC100 is a programmable logic controller (PLC). WAGO Edge Controller is an edge controller. WAGO Compact Controller CC100 is a...

9.8 CVSS | 8.9 AI score | 0.81911 EPSS
Exploits 5 | References 2

NVD
added 2023/05/08 1:15 a.m. | 14 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

9.8 CVSS | 9.8 AI score | 0.02083 EPSS
Exploits 1 | References 2

Prion
added 2023/05/08 1:15 a.m. | 16 views

Command injection

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

7.5 CVSS | 9.7 AI score | 0.02083 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2023/05/08 12:0 a.m. | 10 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

9.8 AI score | 0.02083 EPSS
Exploits 1 | References 2

Cvelist
added 2023/05/08 12:0 a.m. | 23 views

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

9.9 AI score | 0.02083 EPSS
Exploits 1 | References 2

CVE
added 2023/04/27 10:11 p.m. | 52 views

CVE-2023-28716

CVE-2023-28716 affects mySCADA myPRO 8.26.0 and earlier. Affected component: parameters handling in myPRO that allow an authenticated user to inject arbitrary operating system commands (OS command injection). Root cause: improper validation/handling of command-related parameters leading to code e...

8.8 CVSS | 8.7 AI score | 0.04502 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2023/04/25 12:0 a.m. | 2 views

Aigital Wireless-N Repeater Mini_Router security vulnerability

Aigital Wireless-N Repeater Mini-Router is a wireless router repeater from Aigital. A security vulnerability exists in Aigital Wireless-N Repeater MiniRouter version v0.131229, which stems from the discovery of a Remote Code Execution RCE vulnerability via the sysCmd parameter in the formSysCmd...

9.8 CVSS | 9.3 AI score | 0.02447 EPSS
Exploits 1 | References 4

Huntr
added 2023/04/20 7:2 a.m. | 16 views

Arbitrary Code Execution in Apache BRPC

Description BRPC is an Industrial-grade RPC framework using C++ Language, which is often used in high performance system such as Search, Storage, Machine learning, Advertisement, Recommendation etc. In server.cpp there are function call to wordexp, it used for expanding path from user input. Due ...

6.8 AI score
Exploits 0

OSV
added 2023/04/19 8:15 p.m. | 3 views

CVE-2023-28122

A local privilege escalation (LPE) vulnerability in UI Desktop for Windows Version 0.59.1.71 and earlier allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3 and later...

7.8 CVSS | 7.2 AI score
Exploits 0 | References 1

Prion
added 2023/04/18 9:15 p.m. | 17 views

Command injection

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...

4.3 CVSS | 7.8 AI score | 0.00609 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/04/18 8:34 p.m. | 19 views

CVE-2023-25554

A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...

7.8 CVSS | 8.1 AI score | 0.00609 EPSS
Exploits 0 | References 1

NVD
added 2023/04/05 6:15 p.m. | 25 views

CVE-2023-29006

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

8.8 CVSS | 8.7 AI score | 0.00857 EPSS
Exploits 0 | References 2

Prion
added 2023/04/05 6:15 p.m. | 17 views

Design/Logic Flaw

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

6.5 CVSS | 8.6 AI score | 0.00857 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/04/05 5:53 p.m. | 23 views

CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

8.8 CVSS | 8.8 AI score | 0.00857 EPSS
Exploits 0 | References 2