Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4086 | 1 Cisco | 1 Unified Computing System | 2024-08-06 | N/A |
| A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | ||||
| CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2024-08-06 | N/A |
| canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | ||||
| CVE-2013-7377 | 1 Codem-transcode Project | 1 Codem-transcode | 2024-08-06 | N/A |
| The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe. | ||||
| CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-08-06 | 9.8 Critical |
| An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | ||||
| CVE-2013-6924 | 1 Seagate | 2 Blackarmor Nas 220, Blackarmor Nas 220 Firmware | 2024-08-06 | N/A |
| Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | ||||
| CVE-2024-7443 | 1 Vivotek | 2 Ib8367a, Ib8367a Firmware | 2024-08-06 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-273528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | ||||
| CVE-2024-7442 | 1 Vivotek | 2 Sd9364, Sd9364 Firmware | 2024-08-06 | 6.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-273527. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. | ||||
| CVE-2013-4663 | 1 Redmine | 1 Redmine Git Hosting Plugin | 2024-08-06 | N/A |
| git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | ||||
| CVE-2024-7397 | 1 Korenix | 1 Jetport5601v3 | 2024-08-06 | N/A |
| Improper filering of special characters result in a command ('command injection') vulnerability in Korenix JetPort 5601v3.This issue affects JetPort 5601v3: through 1.2. | ||||
| CVE-2013-2810 | 1 Emerson | 6 Dl 8000 Remote Terminal Unit, Dl 8000 Remote Terminal Unit Firmware, Roc 800 Remote Terminal Unit and 3 more | 2024-08-06 | N/A |
| Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. | ||||
| CVE-2013-2513 | 1 Milboj | 1 Flash Tool | 2024-08-06 | 9.8 Critical |
| The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. | ||||
| CVE-2013-2516 | 1 Fileutils Project | 1 Fileutils | 2024-08-06 | N/A |
| Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell. | ||||
| CVE-2024-28545 | 2024-08-06 | 9.8 Critical | ||
| Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. | ||||
| CVE-2024-7215 | 1 Totolink | 2 Lr1200, Lr1200 Firmware | 2024-08-06 | 6.3 Medium |
| A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272786 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7214 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2024-08-06 | 6.3 Medium |
| A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2024-08-06 | N/A |
| The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | ||||
| CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2024-08-06 | N/A |
| Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | ||||
| CVE-2014-9277 | 1 Mediawiki | 1 Mediawiki | 2024-08-06 | N/A |
| The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. | ||||
| CVE-2014-9144 | 1 Technicolor | 1 Td5130 Router Firmware | 2024-08-06 | N/A |
| Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | ||||
| CVE-2014-9114 | 3 Fedoraproject, Kernel, Opensuse | 3 Fedora, Util-linux, Opensuse | 2024-08-06 | N/A |
| Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | ||||