Total
3665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15156 | 1 Open-emr | 1 Openemr | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | |||||
| CVE-2018-18858 | 1 Liquidvpn | 1 Liquidvpn | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because com.smr.liquidvpn.OVPNHelper uses the system function to execute the "tun_path" or "tap_path" pathname within a shell command. | |||||
| CVE-2018-17208 | 1 Linksys | 2 Velop, Velop Firmware | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF. | |||||
| CVE-2018-16055 | 1 Netgate | 1 Pfsense | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr" and "ipv" to a shell without escaping the contents of the variables. This allows an authenticated WebGUI user with privileges for the affected page to execute commands in the context of the root user when submitting a request to relinquish a DHCP lease for an interface which is configured to obtain its address via DHCP. | |||||
| CVE-2018-19659 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. | |||||
| CVE-2018-4021 | 1 Netgate | 1 Pfsense | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter. | |||||
| CVE-2018-16334 | 1 Tendacn | 4 Ac10, Ac10 Firmware, Ac9 and 1 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. | |||||
| CVE-2018-17532 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. | |||||
| CVE-2018-0639 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. | |||||
| CVE-2018-12483 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. | |||||
| CVE-2018-19239 | 1 Trendnet | 2 Tew-673gru, Tew-673gru Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. | |||||
| CVE-2018-15726 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
| The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | |||||
| CVE-2018-0636 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. | |||||
| CVE-2018-0694 | 1 Soliton | 1 Filezen | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-9076 | 1 Lenovo | 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. | |||||
| CVE-2018-0631 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | |||||
| CVE-2018-15368 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. | |||||
| CVE-2019-8319 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteIPv4Settings API function, as demonstrated by shell metacharacters in the Gateway field. | |||||
| CVE-2018-14933 | 1 Nuuo | 2 Nvrmini, Nvrmini Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | |||||
| CVE-2018-3955 | 1 Linksys | 4 E1200, E1200 Firmware, E2500 and 1 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | |||||