Total
3851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12121 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. | |||||
| CVE-2017-12120 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. | |||||
| CVE-2017-11588 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd. | |||||
| CVE-2017-11566 | 1 Appsec-labs | 1 Appuse | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| AppUse 4.0 allows shell command injection via a proxy field. | |||||
| CVE-2017-11395 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | |||||
| CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | |||||
| CVE-2017-11366 | 1 Codiad | 1 Codiad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | |||||
| CVE-2017-11322 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | |||||
| CVE-2017-11321 | 1 Ucopia | 1 Wireless Appliance | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | |||||
| CVE-2017-11318 | 1 Cobiansoft | 1 Cobian Backup | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | |||||
| CVE-2017-11150 | 1 Synology | 1 Office | 2024-11-21 | 6.5 MEDIUM | 7.8 HIGH |
| Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | |||||
| CVE-2017-10951 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724. | |||||
| CVE-2017-10904 | 1 Qt | 1 Qt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10902 | 1 Princeton | 2 Ptw-wms1, Ptw-wms1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10832 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10813 | 1 Corega | 2 Wlr 300 Nm, Wlr 300 Nm Firmware | 2024-11-21 | 7.7 HIGH | 6.8 MEDIUM |
| CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2024-11-21 | 7.7 HIGH | 6.8 MEDIUM |
| Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-1000502 | 1 Jenkins | 1 Ec2 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. | |||||
| CVE-2017-1000487 | 2 Codehaus-plexus, Debian | 2 Plexus-utils, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | |||||
| CVE-2017-1000473 | 1 Linux-dash Project | 1 Linux-dash | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | |||||