Total: 3060 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2016-10849 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). |
| CVE-2016-10843 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). |
| CVE-2016-10762 | 1 Automattic | 1 Camptix Event Ticketing | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH | The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. |
| CVE-2016-10760 | 1 Seowonintech | 8 Swr-300a, Swr-300a Firmware, Swr-300b and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. |
| CVE-2016-10729 | 3 Debian, Redhat, Zmanda | 3 Debian Linux, Enterprise Linux, Amanda | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. |
| CVE-2016-1000282 | 1 Haraka Project | 1 Haraka | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Haraka version 2.8.8 and earlier comes with a plugin for processing zip-file attachments. Versions 2.8.8 and earlier can be vulnerable to command injection. |
| CVE-2016-0324 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. |
| CVE-2015-1877 | 2 Debian, Freedesktop | 2 Debian Linux, Xdg-utils | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. |
| CVE-2015-10096 | 1 Irc Twitter Announcer Bot Project | 1 Irc Twitter Announcer Bot | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM | A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.1.1 is able to address this issue. The patch is named 6b1941b7fc2c70e ... |
| CVE-2014-8888 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." |
| CVE-2014-6633 | 1 Tryton | 1 Tryton | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. |
| CVE-2014-6120 | 1 Ibm | 2 Rational Appscan Source, Security Appscan Source | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. |
| CVE-2014-5470 | | | 2024-11-21 | N/A | 9.8 CRITICAL | Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. |
| CVE-2014-5220 | 2 Mdadm Project, Opensuse | 2 Mdadm, Opensuse | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. |
| CVE-2014-5014 | 1 Tinywebgallery | 1 Wordpress Flash Uploader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. |
| CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. |
| CVE-2014-3114 | 1 Ezpz-one-click-backup Project | 1 Ezpz-one-click-backup | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. |
| CVE-2014-1834 | 1 Echor Project | 1 Echor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semicolon in their username or password. |
| CVE-2014-10075 | 1 Karo Project | 1 Karo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The karo gem 2.3.8 for Ruby allows remote command injection via the host field. |
| CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. |
| CVE-2013-2516 | 1 Fileutils Project | 1 Fileutils | 2024-11-21 | 9.3 HIGH | 8.8 HIGH | The Ruby gem FileUtils <= v0.7 has a command injection vulnerability in the user-supplied url variable that is passed to the shell. |
| CVE-2013-2513 | 1 Milboj | 1 Flash Tool | 2024-11-21 | N/A | 9.8 CRITICAL | The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. |
| CVE-2011-4182 | 1 Opensuse | 1 Sysconfig | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH | Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execution of arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. |
| CVE-2009-5157 | 1 Linksys | 2 Wag54g2, Wag54g2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable. |
| CVE-2009-5156 | 1 Veracomp | 2 Asmax Ar-804gu, Asmax Ar-804gu Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string. |
| CVE-2024-52308 | 1 Github | 1 Cli | 2024-11-20 | N/A | 9.6 CRITICAL | The GitHub CLI version 2.6.1 and earlier is vulnerable to remote code execution through a malicious codespace SSH server when using the `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the default devcontainer image (https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-... htt ...) |
| CVE-2022-1884 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2024-11-19 | N/A | 9.8 CRITICAL | A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution. |
| CVE-2024-49026 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-11-16 | N/A | 7.8 HIGH | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-27702 | | | 2024-11-15 | N/A | 7.3 HIGH | Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard. |
| CVE-2024-49557 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | N/A | 7.8 HIGH | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution. |
| CVE-2024-49560 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | N/A | 7.8 HIGH | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to command execution. |
| CVE-2024-11046 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2024-11-13 | 6.5 MEDIUM | 9.8 CRITICAL | A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-10429 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-11-13 | 8.3 HIGH | 7.2 HIGH | A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-10428 | 1 Wavlink | 6 Wn530h4, Wn530h4 Firmware, Wn530hg4 and 3 more | 2024-11-13 | 8.3 HIGH | 7.2 HIGH | A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-28726 | | | 2024-11-13 | N/A | 8.0 HIGH | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. |
| CVE-2024-39226 | 1 Gl-inet | 56 A1300, A1300 Firmware, Ap1300 and 53 more | 2024-11-12 | N/A | 9.8 CRITICAL | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to manipulate routers by passing malicious shell commands through the s2s API. |
| CVE-2024-43601 | 2 Linux, Microsoft | 2 Linux Kernel, Visual Studio Code | 2024-11-08 | N/A | 7.8 HIGH | Visual Studio Code for Linux Remote Code Execution Vulnerability |
| CVE-2024-9579 | 1 Hp | 16 Poly Studio G62, Poly Studio G62 Firmware, Poly Studio G7500 and 13 more | 2024-11-08 | N/A | 7.5 HIGH | A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself. |
| CVE-2024-20418 | | | 2024-11-06 | N/A | 10.0 CRITICAL | A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based ... |
| CVE-2024-47461 | | | 2024-11-06 | N/A | 7.2 HIGH | An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. |