Total
3665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7844 | 1 Gigaccsecure | 1 Gigacc Office | 2024-02-28 | 6.0 MEDIUM | 5.5 MEDIUM |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. | |||||
| CVE-2017-2827 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-11150 | 1 Synology | 1 Office | 2024-02-28 | 6.5 MEDIUM | 7.8 HIGH |
| Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | |||||
| CVE-2017-2849 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2014-8389 | 1 Airlive | 10 Bu-2015, Bu-2015 Firmware, Bu-3026 and 7 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. | |||||
| CVE-2017-1000159 | 1 Gnome | 1 Evince | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. | |||||
| CVE-2017-14705 | 1 Denyall | 2 I-suite, Web Application Firewall | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
| DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | |||||
| CVE-2017-13713 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | |||||
| CVE-2017-16923 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input. | |||||
| CVE-2017-2890 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. | |||||
| CVE-2016-7819 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-15103 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | |||||
| CVE-2017-2185 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2024-02-28 | 5.2 MEDIUM | 8.8 HIGH |
| HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | |||||
| CVE-2017-16960 | 1 Tp-link | 93 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 90 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. | |||||
| CVE-2017-14001 | 1 Digium | 1 Asterisk Gui | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. | |||||
| CVE-2017-2848 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2275 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-16641 | 1 Cacti | 1 Cacti | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | |||||
| CVE-2017-2866 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2017-18025 | 1 Innotube | 1 Itguard Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter. | |||||