Total
3876 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1560 | 1 Cisco | 1 Dna Spaces\ | 2024-09-17 | 6.5 Medium |
| Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container. | ||||
| CVE-2020-7357 | 1 Cayintech | 11 Cms, Cms-20, Cms-20 Firmware and 8 more | 2024-09-17 | 9.6 Critical |
| Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. | ||||
| CVE-2021-21569 | 1 Dell | 1 Emc Networker | 2024-09-17 | 6.8 Medium |
| Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | ||||
| CVE-2021-1538 | 1 Cisco | 1 Common Services Platform Collector | 2024-09-17 | 4.7 Medium |
| A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root. | ||||
| CVE-2021-33554 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-09-17 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-2007 | 1 Paloaltonetworks | 1 Pan-os | 2024-09-17 | 7.2 High |
| An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | ||||
| CVE-2022-26670 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-09-17 | 8.8 High |
| D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. | ||||
| CVE-2018-11077 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-09-17 | N/A |
| 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. | ||||
| CVE-2019-8312 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-09-17 | 8.8 High |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetSysLogSettings API function, as demonstrated by shell metacharacters in the IPAddress field. | ||||
| CVE-2019-8315 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-09-17 | 8.8 High |
| An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the twsystem function with untrusted input from the request body for the SetIPv4FirewallSettings API function, as demonstrated by shell metacharacters in the SrcIPv4AddressRangeStart field. | ||||
| CVE-2020-7784 | 1 Ts-process-promises Project | 1 Ts-process-promises | 2024-09-17 | 9.8 Critical |
| This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC: | ||||
| CVE-2021-1138 | 1 Cisco | 1 Smart Software Manager Satellite | 2024-09-17 | 9.8 Critical |
| Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-23399 | 1 Wincred Project | 1 Wincred | 2024-09-17 | 7.3 High |
| This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | ||||
| CVE-2013-4983 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2024-09-17 | N/A |
| The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | ||||
| CVE-2022-26075 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-09-17 | 8.8 High |
| An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2020-3176 | 1 Cisco | 6 Remote Phy 120, Remote Phy 120 Firmware, Remote Phy 220 and 3 more | 2024-09-17 | 6.7 Medium |
| A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise. | ||||
| CVE-2019-1776 | 1 Cisco | 134 7000 10-slot, 7000 18-slot, 7000 4-slot and 131 more | 2024-09-17 | 6.7 Medium |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | ||||
| CVE-2020-3377 | 1 Cisco | 1 Data Center Network Manager | 2024-09-17 | 6.3 Medium |
| A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. | ||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2024-09-17 | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | ||||
| CVE-2018-17208 | 1 Linksys | 2 Velop, Velop Firmware | 2024-09-17 | N/A |
| Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF. | ||||