Total
3852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20057 | 2 D-link, Dlink | 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. | |||||
| CVE-2018-1998 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887. | |||||
| CVE-2018-1242 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. | |||||
| CVE-2018-1239 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. | |||||
| CVE-2018-1238 | 1 Dell | 1 Emc Scaleio | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. | |||||
| CVE-2018-1235 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege. | |||||
| CVE-2018-1185 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges. | |||||
| CVE-2018-1184 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges. | |||||
| CVE-2018-1167 | 1 Spotify | 1 Spotify | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5501. | |||||
| CVE-2018-1144 | 1 Belkin | 2 N750, N750 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | |||||
| CVE-2018-1143 | 1 Belkin | 2 N750, N750 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. | |||||
| CVE-2018-19990 | 2 D-link, Dlink | 2 Dir-822 Firmware, Dir-822 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3."/media/wps/enrollee/pin" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string. | |||||
| CVE-2018-19989 | 2 D-link, Dlink | 3 Dir-822 Firmware, Dir-822, Dir-822 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string. | |||||
| CVE-2018-19988 | 2 D-link, Dlink | 2 Dir-868l Firmware, Dir-868l | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string. | |||||
| CVE-2018-19987 | 2 D-link, Dlink | 13 Dir-818lw Firmware, Dir-822 Firmware, Dir-860l Firmware and 10 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string. | |||||
| CVE-2018-19986 | 2 D-link, Dlink | 4 Dir-818lw Firmware, Dir-822 Firmware, Dir-818lw and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. | |||||
| CVE-2018-19977 | 1 Auerswald | 2 Comfortel 1200 Ip, Comfortel 1200 Ip Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple user) -- in the same network as the device -- to trigger OS commands (like starting telnetd or opening a reverse shell) via a POST request to the web server. | |||||
| CVE-2018-19908 | 1 Misp | 1 Misp | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import. | |||||
| CVE-2018-19907 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page. | |||||
| CVE-2018-19660 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. | |||||