Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.
In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server.
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution.
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on the device.
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).
OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
Certain models of NVR developed by Digiever has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).