CWE-78

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root (macOS/Linux) or SYSTEM (Windows) on managed endpoints when an uninstall is triggered. When a software package (.pkg, .deb, .rpm, .exe, or .msi) is uploaded to Fleet, metadata is extracted from the package binary and used to generate uninstall scripts. In affected versions, this metadata is not properly sanitized before being included in the generated scripts. A specially crafted package containing malicious values in its metadata fields could result in unintended command execution when the uninstall script runs on managed endpoints. Version 4.81.0 contains a patch. If an immediate upgrade is not possible, administrators should avoid uploading software packages obtained from untrusted or unverified sources. Additionally, administrators can manually inspect and edit auto-generated uninstall scripts before deployment.

A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to craft Lua code that could be used on the underlying operating system as root. This vulnerability exists because user-provided input is not properly sanitized. An attacker could exploit this vulnerability by crafting valid Lua code and submitting it as a malicious parameter for a CLI command. A successful exploit could allow the attacker to inject Lua code, which could lead to arbitrary code execution as the root user. To exploit this vulnerability, an attacker must have valid Administrator credentials.

A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files.   This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to read or create a file or overwrite any file on the file system of the underlying operating system of the affected device, including system files. To exploit this vulnerability, the attacker must have valid administrative credentials on the affected device.

A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. For more information about vulnerable scenarios, see the Details ["#details"] section of this advisory.

A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). Successful exploitation could allow an attacker to execute arbitrary operating system commands on the underlying operating system leading to potential system compromise.

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause command injection in BLMon that is executed in the operating system console when in a SSH session.

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session.

A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.4` contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell `-Command` string using a `needle` derived from the profile path. In `v0.8.4`, that string interpolation escapes backslashes but does not safely neutralize other PowerShell metacharacters. If an attacker can launch an instance using a crafted profile name and then trigger the cleanup path, they may be able to execute arbitrary PowerShell commands on the Windows host in the security context of the PinchTab process user. This is not an unauthenticated internet RCE. It requires authenticated, administrative-equivalent API access to instance lifecycle endpoints, and the resulting command execution inherits the permissions of the PinchTab OS user rather than bypassing host privilege boundaries. Version 0.8.5 contains a patch for the issue.

The ns_backup extension through 13.0.0 for TYPO3 allows command injection.

OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified as 223c16a1088e138838dcbd18cd65a37c35ac5a84. It is best practice to apply a patch to resolve this issue.

A vulnerability was detected in TRENDnet TEW-821DAP up to 1.12B01. The affected element is the function tools_diagnostic. The manipulation results in os command injection. The exploit is now public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user.

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument stun_pass leads to os command injection. The exploit has been disclosed publicly and may be used.

A vulnerability classified as critical was found in D-Link DI-7300G+ 19.12.25A1. Affected by this vulnerability is an unknown functionality of the file httpd_debug.asp. The manipulation of the argument Time leads to os command injection. The exploit has been disclosed to the public and may be used.

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.

ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Version 2.0.8 sanitizes output during decryption. Other mitigations involve avoiding use of `ejson2env` to decrypt untrusted user secrets and/or avoiding evaluating or executing the direct output from `ejson2env` without removing nonprintable characters.

A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.