Q: What is the Command Injection Vulnerability? A: As stated in Hikvision official HSRC-202109-01 Security Notification, a Command Injection Vulnerability was found in the web server of some Hikvision products. Due to an insufficient ...
A vulnerability in the CLI of Cisco IOS XR 64-Bit Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerab
Command Injection in /bin/protest AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H (7.8/7.1) The /bin/protest binary on various D-Link router firmware images is vulnerable to command injection. This allows an authenticated attacker to execute arbitrary shell commands
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit co...
Summary There is a command injection vulnerability in Huawei products. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service. (Vulnerability ID: HWPSIRT-2020-96403) ...
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vu...
Potential Impact:Command Injection Severity:High Scope of Impact:Lenovo-specific CVE Identifier:CVE-2021-3723 Summary Description: A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow...
(parameter injection). This problem alone does not yet allow command execution, as the values are appropriately escaped. The parameter injection has been fixed all across Composer with help by Thomas Chauchefoin fromSonarSourceby separating positional command arguments from options with the--separator...
arguments to a command line program to authenticate the user. A lack of data validation and the mechanism in which the external program is spawned results in the potential for command injection and arbitrary command execution on the Access Gateway. ...
At the beginning of September 2019, we responded to the Nexus Repository Manager 2.x command injection vulnerability (CVE-2019-5475). The general reason and steps for recurrence are onHackerone. It was announced that after emergency response to this vulnerability, we analyzed the p...