Total: 3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-11169 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).
CVE-2018-0330 | 1 Cisco | 65 Mds 9000, Nexus 172tq-xl, Nexus 3016 and 62 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.
CVE-2017-6229 | 1 Ruckuswireless | 30 H320, H320 Firmware, H510 and 27 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.
CVE-2018-11182 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
CVE-2018-7890 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
CVE-2018-6211 | 2 D-link, Dlink | 2 Dir-620 Firmware, Dir-620 | 2024-02-28 | 9.0 HIGH | 7.2 HIGH | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-11158 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).
CVE-2018-6530 | 1 Dlink | 8 Dir-860l, Dir-860l Firmware, Dir-865l and 5 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
CVE-2018-7187 | 2 Debian, Golang | 2 Debian Linux, Go | 2024-02-28 | 9.3 HIGH | 8.8 HIGH | The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
CVE-2018-0324 | 1 Cisco | 1 Network Functions Virtualization Infrastructure | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM | A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker could exploit this vulnerability by invoking a vulnerable CLI command with crafted malicious parameters. An exploit could allow the attacker to execute arbitrary commands with a non-root user account on the underlying Linux operating system of the affected device. Cisco Bug IDs: CSCvi09723.
CVE-2016-0291 | 1 Ibm | 1 Bigfix Platform | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302.
CVE-2018-11152 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
CVE-2018-1235 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
CVE-2017-14475 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger this vulnerability.
CVE-2018-11144 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges by not sanitizing the user input data before exporting it into a CSV format output.
CVE-2018-0506 | 1 Nootka Project | 1 Nootka | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0512 | 1 Iodata | 90 Bx-vp1, Bx-vp1 Firmware, Gv-ntx1 and 87 more | 2024-02-28 | 7.7 HIGH | 6.8 MEDIUM | Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2018-6791 | 2 Debian, Kde | 2 Debian Linux, Plasma-workspace | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM | An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it is interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
CVE-2018-11176 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).