OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware.
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an authenticated attacker to achieve remote code
execution on the system by modifying malicious input inje
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arb
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbit
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating sys
A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a con
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting uns
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the Loa
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to
Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
A remote unauthenticated attacker may be able to bypass authentication
by utilizing a specific API route to execute arbitrary OS commands.
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbi
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
configuring a maliciously cr
An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may all