/alerttags/cwe-78/ Recent content in CWE-78 on ZAP Hugo en-us /docs/alerts/200001/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/200001/ <p>OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data.</p> <p>Generated by OWASP PTK DAST Module</p> /docs/alerts/10048-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10048-1/ <p>The server is running a version of the Bash shell that allows remote attackers to execute arbitrary code.</p> /docs/alerts/10048-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10048-2/ <p>The server is running a version of the Bash shell that allows remote attackers to execute arbitrary code.</p> /docs/alerts/40048/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40048/ <p>The server is running Next.js and vulnerable versions of React Server Components with Next.js which allow remote attackers to execute arbitrary code.</p> /docs/alerts/90020/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90020/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> /docs/alerts/90037/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90037/ <p>Attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs.</p> /docs/alerts/40045/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40045/ <p>The application appears to be vulnerable to CVE-2022-22965 (otherwise known as Spring4Shell) - remote code execution (RCE) via data binding.</p>