CWE-77

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.

Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.

Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.