Any OS commands can be injected by an authenticated attacker with any role. This is a serious vulnerability as the chance for the system to be compromised is high.
The Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner version 10.0 allows remote attackers to execute arbitrary commands via a crafted miner_getstat1 command to the remote management interface on port 3333.
This exploit targets the "SaveXMLFile()" method in NVR SP2 2.0 nvUtility.Utility.1 (nvUtility.dll v. 1.0.14.0). It allows an attacker to execute arbitrary commands on the target system.
You can bypass the controlled folder feature in Defender in Windows 10 1709 using a local UNC admin share. By opening the target file for write/delete access through the UNC path, the controlled folders feature can be circumvented.
This exploit demonstrates a command injection vulnerability in the KLoader binary that ships with Proxifier <= 2.18. The vulnerability allows an attacker to execute arbitrary commands as root.
This exploit targets the nvUnifiedControl.AUnifiedControl.1 control in NVR SP2 2.0, specifically the SetText() function. By exploiting a heap spray technique, an attacker can trigger a remote buffer overflow vulnerability in the nvUnifiedControl.dll version 1.1.45.0. This vulnerability allows the attacker to execute arbitrary code on the target system.
The vulnerability allows an attacker to inject sql commands....
This exploit takes advantage of a stack overflow in p_mode in BitchX-1.1 Final. Due to input size restrictions, the overflow can't occur on the stack, but it can overwrite a structure containing pointers to heap data, allowing the attacker to overwrite the GOT.
This exploit takes advantage of a buffer overflow vulnerability in VX Search Enterprise v10.2.14. The vulnerability allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. The exploit requires enabling the web server and having login credentials for the VX Search webpage.
The exploit allows for a local buffer overflow in the "Input Directory" field of Dup Scout Enterprise v10.0.18. It takes advantage of a SEH (Structured Exception Handler) Unicode vulnerability.