Total
3877 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28812 | 1 Qnap | 4 Qts, Quts Hero, Qutscloud and 1 more | 2024-09-16 | 8.8 High |
| A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3. | ||||
| CVE-2020-7735 | 1 Ng-packagr Project | 1 Ng-packagr | 2024-09-16 | 6.6 Medium |
| The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option. | ||||
| CVE-2017-2848 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2024-09-16 | 8.8 High |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | ||||
| CVE-2017-2873 | 1 Foscam | 2 C1, C1 Firmware | 2024-09-16 | 7.2 High |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | ||||
| CVE-2019-12651 | 1 Cisco | 5 Cloud Services Router 1000v, Cloud Services Router 1000v Firmware, Integrated Services Virtual Router and 2 more | 2024-09-16 | 8.8 High |
| Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2018-1238 | 1 Dell | 1 Emc Scaleio | 2024-09-16 | N/A |
| Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. | ||||
| CVE-2022-33955 | 1 Ibm | 1 Cics Tx | 2024-09-16 | 6.8 Medium |
| IBM CICS TX 11.1 could allow allow an attacker with physical access to the system to execute code due using a back and refresh attack. IBM X-Force ID: 229312. | ||||
| CVE-2020-7781 | 1 Connection-tester Project | 1 Connection-tester | 2024-09-16 | 9.8 Critical |
| This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability: | ||||
| CVE-2010-0934 | 1 Perforce | 1 Perforce Server | 2024-09-16 | N/A |
| The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. | ||||
| CVE-2017-1000219 | 1 Windows-cpu Project | 1 Windows-cpu | 2024-09-16 | N/A |
| npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user | ||||
| CVE-2021-21550 | 1 Dell | 1 Emc Powerscale Onefs | 2024-09-16 | 6 Medium |
| Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | ||||
| CVE-2020-3275 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | ||||
| CVE-2017-14118 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-09-16 | N/A |
| In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | ||||
| CVE-2020-28439 | 1 Corenlp-js-prefab Project | 1 Corenlp-js-prefab | 2024-09-16 | 9.8 Critical |
| This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC: | ||||
| CVE-2018-0477 | 1 Cisco | 1 Ios Xe | 2024-09-16 | 6.7 Medium |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. | ||||
| CVE-2019-12699 | 1 Cisco | 7 Firepower 1000, Firepower 2100, Firepower 4100 and 4 more | 2024-09-16 | 7.8 High |
| Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. | ||||
| CVE-2022-33325 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-09-16 | 9.8 Critical |
| Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/clear_tools_log/` API is affected by command injection vulnerability. | ||||
| CVE-2021-1147 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-09-16 | 7.2 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. Cisco has not released software updates that address these vulnerabilities. | ||||
| CVE-2022-33189 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-09-16 | 9.8 Critical |
| An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability. | ||||
| CVE-2019-1699 | 1 Cisco | 1 Firepower Management Center | 2024-09-16 | N/A |
| A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting commands into arguments for a specific command. A successful exploit could allow the attacker to execute commands with root privileges. | ||||