Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5534 | 1 Nec | 2 Aterm Wg2600hs, Aterm Wg2600hs Firmware | 2024-02-28 | 7.7 HIGH | 8.0 HIGH |
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
CVE-2019-19609 | 1 Strapi | 1 Strapi | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function. | |||||
CVE-2020-8429 | 1 Kinetica | 1 Kinetica | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command. | |||||
CVE-2012-5693 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. | |||||
CVE-2014-0163 | 1 Redhat | 1 Openshift | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | |||||
CVE-2020-4211 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022. | |||||
CVE-2020-5535 | 1 Plathome | 2 Openblocks Iot Vx2, Openblocks Iot Vx2 Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | |||||
CVE-2019-10786 | 1 Network-manager Project | 1 Network-manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. | |||||
CVE-2019-3989 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | |||||
CVE-2019-13652 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). | |||||
CVE-2019-9197 | 2 Microsoft, Unity3d | 2 Windows, Unity Editor | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | |||||
CVE-2019-12690 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges. | |||||
CVE-2016-11017 | 1 Akips | 1 Network Monitor | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6. | |||||
CVE-2020-6756 | 1 Rasilient | 2 Pixelstor 5000, Pixelstor 5000 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | |||||
CVE-2019-12717 | 1 Cisco | 88 Nexus 3016, Nexus 3048, Nexus 3064 and 85 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges, which may lead to complete system compromise. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
CVE-2020-10390 | 1 Chadhaajay | 1 Phpkb | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php. | |||||
CVE-2019-17625 | 1 Rambox | 1 Rambox | 2024-02-28 | 8.5 HIGH | 9.0 CRITICAL |
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element. | |||||
CVE-2019-5128 | 1 Youphptube | 1 Youphptube Encoder | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. | |||||
CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. |