

Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection.

Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).

Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability.

Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parameter.

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) 9.0.017.07 allows an attacker to execute arbitrary SQL queries via the value attribute, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.

A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (IWD) before 9.0.013.11 allows an attacker to execute arbitrary SQL queries via the ql_expression parameter, with which all data in the database can be extracted and OS command execution is possible depending on the permissions and/or database engine.

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
