CVE-2023-48804
In TOTOLINK X6000R V9.4.0cu.852_B20230719, the sub_4119A0 function in the shttpd file obtains fields from the front-end through the Uci_Set_Str function; when these are passed to the CsteSystem function, a command execution vulnerability results...
zenstruck collections injection vulnerability
zenstruck collections is a set of helpers for iterating/paging/filtering collections from the zenstruck project. An injection vulnerability exists in zenstruck collections that stems from passing callable strings e.g., system leading to function execution...
SUSE CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
SUSE CVE-2008-2712
Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip.vim, and (5) netrw. NOTE: the...
SUSE CVE-2008-3076
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue...
SUSE CVE-2016-7032
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...
EasyNAS operating system command injection vulnerability
EasyNAS is an open source storage management system for the home or small office. A command injection vulnerability exists in EasyNAS version 1.1.0, which stems from the use of the system function in the file /backup.pl and can lead to operating system command injection...
Design/Logic Flaw
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
CVE-2023-0164
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
PT-2023-16050 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...
Design/Logic Flaw
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...
CVE-2022-37254
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - System - system function - configuration management...
Cross site scripting
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - System - system function - configuration management...
Remote Code Execution due to code injection
Description: RCE in CP ADMIN site structure; it needs admin privilege, because of the typo in the sanitization. Anyone who has admin privilege can edit "site structure", bypass it and execute PHP code. And we can execute system or other system functions by PHP, so that's an RCE vulnerability. And next...
Code injection in grav
Grav is vulnerable to Server Side Template Injection via Twig. According to a previous vulnerability report, Twig should not render dangerous functions by default, such as system...
Exploit for CVE-2022-28590
CVE-2022-28590 The original discovery and manual PoC is from...
CVE-2021-44882
D-Link device DIR878FW1.30B08Hotfix02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...
Command injection
D-Link devices DIR878 DIR878FW1.30B08Hotfix02 and DIR882 DIR882FW1.30B06Hotfix02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request...