
1222 matches found

Gitee
added 2022/03/24 6:54 p.m. · 3 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

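Vulnerability overview: Spring Cloud Gateway is a new Spring Cloud project, a gateway built on Spring 5.0, Spring Boot 2.0, Project Reactor and related technologies. It aims to provide a simple, effective and unified way to manage API routing for microservice architectures. Some time ago a critical RCE CVE was disclosed in Spring Cloud Gateway. According to the CVE information, when an application enables and exposes the Spring Cloud Gateway Gateway Actuator endpoint, it is subject to remote code injection: an attacker can send a malicious request and thereby execute arbitrary code remotely. The currently affected versions are as follows: 3.1.0 3.0...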

CVSS: 10 · AI score: 9 · EPSS: 0.98253
Exploits: 54
CNVD
added 2022/03/24 12:00 a.m. · 13 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27555)

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...

CVSS: 10 · AI score: 3.6 · EPSS: 0.01172
Exploits: 0 · References: 1
CNVD
added 2022/03/24 12:00 a.m. · 14 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27439)

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...

CVSS: 10 · AI score: 3.4 · EPSS: 0.01172
Exploits: 0 · References: 1
Japan Vulnerability Notes
added 2022/03/23 3:08 a.m. · 4 views

Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection

Overview: Netcommunity OG410X and OG810X series provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contain an OS command injection vulnerability (CWE-78, CVE-2022-22986). Chuya Hayakawa of 00One, Inc. reported this vulnerability to NTT Eas...

CVSS: 8.8 · AI score: 7.5 · EPSS: 0.00709
Exploits: 0 · References: 6
CNNVD
added 2022/03/22 12:00 a.m. · 3 views

Multiple Nippon Telegraph and Telephone West Corporation products OS command injection vulnerability

Nippon Telegraph and Telephone West Corporation Netcommunity OG410Xa and others are a type of firmware from Nippon Telegraph and Telephone West Corporation, Japan. A security vulnerability exists in several Nippon Telegraph and Telephone West Corporation products that originates from a system...

CVSS: 8.8 · AI score: 7.8 · EPSS: 0.00709
Exploits: 0 · References: 5
CNNVD
added 2022/03/22 12:00 a.m. · 3 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...

CVSS: 10 · AI score: 6.1 · EPSS: 0.01172
Exploits: 0 · References: 5
NVD
added 2022/03/21 10:15 a.m. · 13 views

CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command...

CVSS: 9 · EPSS: 0.01304
Exploits: 0 · References: 2
UbuntuCve
added 2022/03/21 10:15 a.m. · 32 views

CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command...

CVSS: 9 · AI score: 6.3 · EPSS: 0.01304
Exploits: 0 · References: 2
Prion
added 2022/03/21 10:15 a.m. · 21 views

Command injection

Specially crafted string in OTRS system configuration can allow the execution of any system command...

CVSS: 9 · AI score: 8.7 · EPSS: 0.01304
Exploits: 0 · References: 2 · Affected Software: 3
Debian CVE
added 2022/03/21 9:15 a.m. · 35 views

CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command...

CVSS: 9 · AI score: 5.4 · EPSS: 0.01304
Exploits: 0
Positive Technologies
added 2022/03/21 12:00 a.m. · 3 views

PT-2022-10485 · Otrs +3 · Otrs +3

Name of the Vulnerable Software and Affected Versions: OTRS (affected versions not specified); OTRS ITSM (affected versions not specified); OTRS Storm (affected versions not specified). Description: The issue allows the execution of any system command through a specially crafted...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.99019
Exploits: 18 · References: 74
Positive Technologies
added 2022/03/17 12:00 a.m. · 5 views

PT-2022-15319 · Unknown +1 · Sma 100 Series +1

Name of the Vulnerable Software and Affected Versions: SRA versions 8.x through 9.0.0.5-19sv; SMA 100 series products versions 9.0.0.9-26sv and earlier. Description: The issue is related to improper neutralization of special elements, leading to an OS Command Injection. This affects end-of-life...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.01906
Exploits: 0 · References: 4
NVD
added 2022/03/01 2:15 a.m. · 12 views

CVE-2020-12775

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate...

CVSS: 10 · EPSS: 0.02911
Exploits: 0 · References: 2
Cvelist
added 2022/03/01 1:55 a.m. · 18 views

CVE-2020-12775 Hicos citizen certificate client-side component - Command Injection

Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate...

CVSS: 9.8 · AI score: 10 · EPSS: 0.02911
Exploits: 0 · References: 2
RedHat Linux
added 2022/02/25 1:04 a.m. · 3 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS: 8.8 · AI score: 5.9 · EPSS: 0.02258
Exploits: 0 · References: 5
BDU FSTEC
added 2022/02/17 12:00 a.m. · 5 views

The vulnerability of the libsal.so file in Zyxel GS1900 series switch software allows a hacker to execute arbitrary commands.

The vulnerability of the libsal.so file in Zyxel GS1900 series switch software lies in the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows an attacker to execute arbitrary OS commands through the graphical interface...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00213
Exploits: 0 · References: 3
RedHat Linux
added 2022/02/16 6:50 a.m. · 3 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

CVSS: 8.8 · AI score: 5.9 · EPSS: 0.02258
Exploits: 0 · References: 5
CNNVD
added 2022/02/15 12:00 a.m. · 3 views

Jenkins Pipeline: Multibranch Plugin OS command injection vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Pipeline:...

CVSS: 8.8 · AI score: 8.2 · EPSS: 0.01382
Exploits: 0 · References: 18
NVD
added 2022/02/08 2:15 p.m. · 24 views

CVE-2022-23340

Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results...

CVSS: 9.8 · EPSS: 0.01481
Exploits: 0 · References: 1
CNNVD
added 2022/02/08 12:00 a.m. · 5 views

Joplin code issue vulnerability

Joplin is an open source notes and to-do list application. A code issue vulnerability exists in Joplin, which arises from a product that allows execution of system commands via malicious code in user search results. The following products and versions are affected: Joplin version 2.6.10...

CVSS: 9.8 · AI score: 8.7 · EPSS: 0.01481
Exploits: 0 · References: 2