Filtered by CWE-78
Total 4064 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-39236 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 8.8 High
ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-39224 1 Tp-link 3 Archer C5, Archer C7, Archer C7 Firmware 2024-11-21 8.0 High
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
CVE-2023-39222 1 Furunosystems 28 Acera 1010, Acera 1010 Firmware, Acera 1020 and 25 more 2024-11-21 8.8 High
OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
CVE-2023-38886 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 7.2 High
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
CVE-2023-38692 1 Fit2cloud 1 Cloudexplorer Lite 2024-11-21 9.8 Critical
CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.
CVE-2023-38673 1 Paddlepaddle 1 Paddlepaddle 2024-11-21 9.6 Critical
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-38588 1 Tp-link 2 Archer C3150, Archer C3150 Firmware 2024-11-21 8 High
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
CVE-2023-38568 1 Tp-link 2 Archer A10, Archer A10 Firmware 2024-11-21 8.8 High
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
CVE-2023-38563 1 Tp-link 5 Archer C1200, Archer C1200 Firmware, Archer C9 and 2 more 2024-11-21 8.8 High
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
CVE-2023-38378 1 Rigol 2 Mso5000, Mso5000 Firmware 2024-11-21 9.8 Critical
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.
CVE-2023-38323 1 Opennds 1 Opennds 2024-11-21 9.8 Critical
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVE-2023-38319 1 Opennds 1 Opennds 2024-11-21 9.8 Critical
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVE-2023-38318 1 Opennds 1 Opennds 2024-11-21 9.8 Critical
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVE-2023-38317 1 Opennds 1 Opennds 2024-11-21 9.8 Critical
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.
CVE-2023-38208 1 Adobe 1 Commerce 2024-11-21 9.1 Critical
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
CVE-2023-38120 2024-11-21 N/A
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ping command, which is available over JSON-RPC. A crafted host parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20525.
CVE-2023-38056 1 Otrs 1 Otrs 2024-11-21 7.2 High
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
CVE-2023-38033 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 8.8 High
ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-38032 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 8.8 High
ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.
CVE-2023-38031 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 8.8 High
ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.