Total: 3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11167 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46). | |||||
CVE-2017-15108 | 2 Debian, Spice-space | 2 Debian Linux, Spice-vdagent | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
spice-vdagent up to and including 0.17.0 does not properly escape the save directory before passing it to the shell, allowing a local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. | |||||
CVE-2017-14432 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability. | |||||
CVE-2018-11168 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46). | |||||
CVE-2018-11179 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46). | |||||
CVE-2018-11174 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46). | |||||
CVE-2017-14433 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability. | |||||
CVE-2017-17020 | 1 Dlink | 6 Dcs-5009, Dcs-5009 Firmware, Dcs-5010 and 3 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. | |||||
CVE-2018-11180 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46). | |||||
CVE-2018-10967 | 2 D-link, Dlink | 4 Dir-550a Firmware, Dir-604m Firmware, Dir-550a and 1 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. | |||||
CVE-2018-11132 | 1 Quest | 1 Kace System Management Appliance | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. | |||||
CVE-2018-12268 | 1 Acccheck Project | 1 Acccheck.pl | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | |||||
CVE-2018-11162 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46). | |||||
CVE-2018-6222 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system. | |||||
CVE-2018-1242 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. | |||||
CVE-2018-11159 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). | |||||
CVE-2017-16042 | 1 Growl Project | 1 Growl | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. | |||||
CVE-2017-7637 | 1 Qnap | 1 Nas Proxy Server | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges. | |||||
CVE-2018-6926 | 1 Misp | 1 Misp | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator. | |||||
CVE-2018-11181 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46). |