1 results (0.002 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. Autodesk VRED Professional 2014 anterior a SR1 SP8 permite a atacantes remotos ejecutar código arbitrario a través de llamadas de libraría Python os en comandos Python API en el servidor web integrado. • http://www.kb.cert.org/vuls/id/402020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •