A: As stated in Hikvision official HSRC-202109-01 Security Notification, a Command Injection Vulnerability was found in the web server of some Hikvision products. Due to an insufficient input validation, an attacker could potentially exploi...
A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of...
A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...
A vulnerability in the CLI of Cisco IOS XR 64-Bit Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device. This vulnerab
Severity:CRITICAL DESCRIPTION A command injection vulnerability exists in the DNS Tool of HP SiteScope allowing an attacker to execute arbitrary commands in the context of the service. TREND MICRO PROTECTION INFORMATION Apply associated Trend Micro DPI Rules. ...
Command Injection in /bin/protest AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H (7.8/7.1) The /bin/protest binary on various D-Link router firmware images is vulnerable to command injection. This allows an authenticated attacker to execute arbitrary shell commands
Cisco IOS XE Software Web UI Command Injection Vulnerability Medium Advisory ID: cisco-sa-iosxe-webcmdinjsh-UFJxTgZD First Published: 2021 March 24 16:00 GMT Last Updated: 2023 October 23 18:22 GMT Version 1.2: Final Workarounds:
A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vu...
As seen from the exploit, the command injection vulnerability is possible due to the insufficient input validation of the 'mac' parameter. In the payload the value is appended to the 'mac' parameter . This value is a command injection attempt. This parameter value attempts to execute the 'tel...
Last Release Date: Jun 02, 2021 Summary There is a command injection vulnerability in Huawei products. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service. (Vulnerability ID...