CVE-2020-24032

tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.

CVE-2014-4981

LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.

CVE-2014-4982

LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.