CVE-2022-29592

Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via setroute called by doSystemCmdroute...

Yokogawa Electric和Yokogawa Electric CENTUM VP 操作系统操作系统命令注入漏洞

Yokogawa Electric is a server from Yokogawa, Japan.Yokogawa Electric CENTUM VP is a CENTUM distributed control system from Yokogawa Electric, Japan. Setting high standards for engineering and technical excellence while ensuring backward compatibility with previous system versions and support for...

UIC-DATA ONU4FERW 命令注入漏洞

C-DATA ONU4FERW is used for data management.C-DATA ONU4FERW is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary commands via the FormImportomCashell function...

GHSA-4V9W-PVWR-38H3 OS Command Injection in strong-nginx-controller

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...

TP-Link TL-WR802N V4(JP) vulnerable to OS command injection

Overview TP-Link TL-WR802N is a wifi router for home networks. The firmware version 170705 is reported vulnerable to OS command injection CWE-78. Impact Any user who can login to the web interface of the affected product may execute any OS commands. Solution Update the Firmware Update to the late...

Lantronix PremierWave 2050 操作系统命令注入漏洞

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. Used to provide reliable and always-on 5G Wi-Fi connectivity, the Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to an operating system command injection vulnerability that can be exploited by...

Git 操作系统命令注入漏洞

Git-it is a free, open-source distributed version control system. Git-it is vulnerable to an OS command injection vulnerability that could be exploited by an attacker to inject OS commands during the Branches Arent For Birds challenge step...

Lantronix PremierWave 2050 操作系统命令注入漏洞

The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. Used to provide reliable and always-on 5G Wi-Fi connectivity, the Lantronix PremierWave 2050 in version 8.9.0.0R4 is vulnerable to OS command injection, which can be exploited by attackers to execute...

Catalyst IT Mahara 操作系统命令注入漏洞

Catalyst IT Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. Mahara suffers from an operating system command injection vulnerability that can be exploited to conduct cross-site scripting attacks via the...

Exploit for OS Command Injection in Dlink Dir-859_Firmware

IoT-vulhub 受 Vulhub 项目的启发，希望做一个 IoT 版的固件漏洞复现环境。 安装 在 Ubuntu 20.04 下安装 docker 和 docker-compose： sh 安装 pip $ curl -s https://bootstrap.pypa.io/get-pip.py | python3 安装最新版 docker $ curl -s https://get.docker.com/ | sh 启动 docker 服务 $ systemctl start docker 安装 docker-compose $ python3 -m pip install...

多款Altus Sistemas de Automacao产品操作系统操作系统命令注入漏洞

The Altus Sistemas de Automacao Nexto NX30xx, among others, is an industrial automation device from the Brazilian company Altus Sistemas de Automacao. An operating system command injection vulnerability exists in several Altus Sistemas de Automacao devices. The vulnerability stems from the tcpdum...

VulnCheck KEV: CVE-2021-25298

Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...

Cisco 多款产品操作系统命令注入漏洞

Cisco DNA Spaces is a set of indoor location services platform of the United States Cisco Cisco. An operating system command injection vulnerability exists in Cisco DNA Spaces Connector versions prior to 2.3.1, which can be exploited by an attacker to execute arbitrary operating system commands o...

iWT FaceSentry Access Control System 操作系统命令注入漏洞

iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. iWT FaceSentry Access Control System 6.4.8 suffers from an operating system command injection vulnerability that allows injection of authenticated OS commands using default credentials...

baserCMS 操作系统命令注入漏洞

BaserCMS is an open source enterprise-level content management system cms. An OS command injection vulnerability exists in BaserCMS versions prior to 4.4.5. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary OS commands...

Npm port-killer 操作系统命令注入漏洞

Npm port-killer is an application from Npm. It provides a function to terminate a process running on a given port. An operating system command injection vulnerability exists in Npm port-killer, which uses sub-processes to execute functions without input checking...

react-dev-utils 操作系统命令注入漏洞

Helper create-react-app is Helper open source an application . It is used to hide code that should not burden the user when popping up. react-dev-utils prior to v11.0.4 An operating system command injection vulnerability exists, which stems from the fact that command injection is possible when th...

Kazi Mehedi docker-web-gui 操作系统命令注入漏洞

Kazi Mehedi docker-web-gui is Kazi Mehedi an open source application . It provides a simple GUI interface for Docker containers. rakibtg Docker Dashboard suffers from an operating system command injection vulnerability that allows commands to be injected into the backend tool terminal.js via shel...

Nozomi Networks CMC Operating System Command Injection Vulnerability

NOZOMI Nozomi Networks CMC is an application from NOZOMI USA. It provides centralized OT and IoT security management. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions An operating system command injection vulnerability exists that allows an authenticated administrator to perform...

Infoscience Logstorage and Infoscience ELC Analytics Operating System Command Injection Vulnerability

Infoscience Logstorage and Infoscience ELC Analytics are both products of Infoscience Japan.Infoscience Logstorage is an integrated log management tool. The device collects logs from all company information systems for integrated management.Infoscience ELC Analytics is a server log management too...