Total
3851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30261 | 1 Openwb | 1 Openwb | 2024-11-21 | N/A | 9.8 CRITICAL |
| Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request. | |||||
| CVE-2023-30258 | 1 Magnussolution | 1 Magnusbilling | 2024-11-21 | N/A | 9.8 CRITICAL |
| Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. | |||||
| CVE-2023-30253 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | N/A | 8.8 HIGH |
| Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. | |||||
| CVE-2023-30054 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | |||||
| CVE-2023-30053 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | |||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | |||||
| CVE-2023-2625 | 1 Abb | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2024-11-21 | N/A | 9.0 CRITICAL |
| A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. | |||||
| CVE-2023-2564 | 1 Scanservjs Project | 1 Scanservjs | 2024-11-21 | N/A | 10.0 CRITICAL |
| OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | |||||
| CVE-2023-2522 | 1 Feiyuxing | 2 Vec40g, Vec40g Firmware | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2479 | 1 Appium | 1 Appium-desktop | 2024-11-21 | N/A | 9.8 CRITICAL |
| OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | |||||
| CVE-2023-2131 | 1 Inea | 2 Me Rtu, Me Rtu Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2023-2091 | 1 Kylinos | 1 Youker-assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099. | |||||
| CVE-2023-29805 | 1 Iodata | 4 Wfs-sr03k, Wfs-sr03k Firmware, Wfs-sr03w and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. | |||||
| CVE-2023-29804 | 1 Iodata | 4 Wfs-sr03k, Wfs-sr03k Firmware, Wfs-sr03w and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. | |||||
| CVE-2023-29778 | 1 Gl-inet | 2 Gl-mt3000, Gl-mt3000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | |||||
| CVE-2023-29412 | 2 Microsoft, Schneider-electric | 7 Windows 10, Windows 11, Windows Server 2016 and 4 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. | |||||
| CVE-2023-29169 | 1 Myscada | 1 Mypro | 2024-11-21 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-29150 | 1 Myscada | 1 Mypro | 2024-11-21 | N/A | 8.8 HIGH |
| mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
| CVE-2023-29048 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | N/A | 8.8 HIGH |
| A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known. | |||||
| CVE-2023-28983 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | N/A | 8.8 HIGH |
| An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO. | |||||