CVE-2021-29393

The CVE-2021-29393 entry concerns Northstar Club Management 6.3. Affected component: web interfaces cominput.jsp and comoutput.jsp. Root cause: unsanitized user-controlled parameters command and commandvalues enable an OS command injection, allowing remote unauthenticated users to inject and exec...

CVE-2021-40410

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...

gegl: shell expansion via a crafted pathname

Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...

Security Bulletin: IBM FileNet Content Manager Operating System command injection security vulnerability

Summary FileNet Content Manager component Administration Console for Content Platform Engine ACCE user Operating System command injection security vulnerability Vulnerability Details CVEID: CVE-2021-38965 DESCRIPTION: IBM FileNet Content Manager could allow a remote authenticated attacker to...

Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04975)

The Lantronix PremierWave 2050 is an embedded Wi-Fi module manufactured by Lantronix. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution in the "EC keypasswd" parameter wit...

SAP NetWeaver AS 操作系统命令注入漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but is also the basic platform for SAP software. SAP NetWeaver AS ABAP suffers from an operating system command injection vulnerability that originates from allowing an attacker with elevated...

PT-2021-15419

Name of the Vulnerable Software and Affected Versions Atlassian Confluence versions prior to 7.4.11 Atlassian Confluence versions 7.3.0 through 7.3.6 Atlassian Confluence versions 7.0.0 through 7.0.14 Atlassian Confluence versions 6.13.0 through 6.15.9 Description The issue allows authenticated...

Lantronix PremierWave 2050 OS Command Injection Vulnerability (CNVD-2022-04980)

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...

Lantronix PremierWave 2050 OS Command Injection Vulnerability

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to cause arbitrary command execution...

PT-2021-22546

Name of the Vulnerable Software and Affected Versions: ohmyzsh affected versions not specified Description: The issue concerns Improper Neutralization of Special Elements used in an OS Command. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

VulnCheck KEV: CVE-2016-11021

setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command...

Open Game Panel 操作系统命令注入漏洞

Open Game Panel is an open source game server control panel. It uses a web interface PHP/MySQL to control the agent Perl running on the server hosting the game. It is used to start/stop/monitor game server instances. A security vulnerability exists in Open Game Panel OGP-Agent-Linux, which stems...

Microsoft OMI Management Interface Authentication Bypass

By removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. Module Options msf use...

Microsoft OMI Management Interface Authentication Bypass Exploit

By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...

CVE-2021-22037

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path...

Microsoft OMI Management Interface Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCXOperatingSystem' .freeze def initializeinfo = super updateinfo info, 'Name' = 'Microsoft OMI...

Code Injection in zoujingli/thinkadmin

Description remote code execution Proof of Concept Bellow request is vulnerable to arbitary system command injection .\ During file upload it does not properly check file upload which allow to upload php file and this php file will execute system command POST /admin/api.upload/file.html HTTP/2...

Fortinet FortiClient 操作系统命令注入漏洞

Fortinet FortiClient is a structured agent from Fortinet, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client. Fortinet FortiClient suffers from an operating system command injection vulnerability that can be exploited by an unauthenticated,...

Aruba Networks Aruba Operating System 命令注入漏洞

Aruba Operating System is the operating system for Aruba Controller-managed wireless LANs and Aruba Mobility Controllers from Aruba Networks, Inc. A command injection vulnerability exists in the Aruba Operating System that can be exploited by an attacker to trigger remote command execution via th...

CVE-2021-34066

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file...