Filtered by CWE-78
Total 4024 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-42744 1 Totolink 2 X5000r, X5000r Firmware 2024-08-15 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setModifyVpnUser. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2017-3506 1 Oracle 1 Weblogic Server 2024-08-14 7.4 High
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2021-36380 1 Sunhillo 1 Sureline 2024-08-14 9.8 Critical
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.
CVE-2023-43208 1 Nextgen 1 Mirth Connect 2024-08-14 9.8 Critical
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
CVE-2024-23789 2024-08-14 9.8 Critical
Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.
CVE-2023-50094 1 Yogeshojha 1 Rengine 2024-08-14 8.8 High
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
CVE-2024-42738 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42739 1 Totolink 2 X5000r, X5000r Firmware 2024-08-14 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2020-9377 1 Dlink 2 Dir-610, Dir-610 Firmware 2024-08-14 8.8 High
D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2024-7728 1 Cayintech 3 Cms-se, Cms-se\(18.04\), Cms-se\(22.04\) 2024-08-14 7.2 High
The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server.
CVE-2024-39091 1 Annke 2 Crater 2, Crater 2 Firmware 2024-08-13 8.8 High
An OS command injection vulnerability in the ccm_debug component of MIPC Camera firmware prior to v5.4.1.240424171021 allows attackers within the same network to execute arbitrary code via a crafted HTML request.
CVE-2024-40641 2024-08-13 7.4 High
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In this case, users can execute arbitrary commands. (Although, as far as I know, most web applications use -t to execute). This issue has been addressed in version 3.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-42742 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42743 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 8.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setSyslogCfg . Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2019-7256 1 Nortekcontrol 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more 2024-08-13 9.8 Critical
Linear eMerge E3-Series devices allow Command Injections.
CVE-2024-42737 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 9.8 Critical
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-6917 1 Veribase 2 Order Management, Veribase Order Management 2024-08-13 9.8 Critical
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection.This issue affects Veribase Order Management: before v4.010.2.
CVE-2024-42747 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 7.3 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42741 1 Totolink 2 X5000r, X5000r Firmware 2024-08-13 7.8 High
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.
CVE-2024-42740 1 Totolink 1 X5000r Firmware 2024-08-13 6.8 Medium
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setLedCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands.