Total: 5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10823 | 1 Dlink | 8 Dwr-111, Dwr-111 Firmware, Dwr-116 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.
|
|||||
| CVE-2018-10730 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection.
|
|||||
| CVE-2018-10702 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.
|
|||||
| CVE-2018-10699 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
|
|||||
| CVE-2018-10697 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
|
|||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
|
|||||
| CVE-2018-10587 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution.
|
|||||
| CVE-2018-10431 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
|
|||||
| CVE-2018-10354 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability.
|
|||||
| CVE-2018-1000885 | 1 Phkp Project | 1 Phkp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can make it possible to manipulate gpg-keys or execute commands remotely. This attack appears to be exploitable via HKP-Api: /pks/lookup?search.
|
|||||
| CVE-2018-1000666 | 2 Gig, Openvcloud Project | 2 Jumpscale, Openvcloud | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method notifySpaceModification, in which improper validation of parameters results in command execution. This attack appears to be exploitable via network connectivity and requires minimal auth privileges (everyone can register an account). This vulnerability appear ...
|
|||||
| CVE-2018-1000118 | 1 Electronjs | 1 Electron | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
GitHub Electron version 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in the Protocol Handler that can result in command execution. This attack appears to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it ...
|
|||||
| CVE-2018-1000043 | 1 Securityonion | 1 Squert | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0.
|
|||||
| CVE-2018-1000042 | 1 Securityonion | 1 Squert | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS commands. This attack appears to be exploitable via a web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0.
|
|||||
| CVE-2018-1000019 | 1 Open-emr | 1 Openemr | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
|
|||||
| CVE-2018-1000006 | 2 Atom, Microsoft | 4 Electron, Windows 10, Windows 7 and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, and 1.6.15 and earlier have a vulnerability in the protocol handler: Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
|
|||||
| CVE-2018-0710 | 1 Qnap | 1 Q'center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
|
|||||
| CVE-2018-0709 | 1 Qnap | 1 Q'center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
|
|||||
| CVE-2018-0708 | 1 Qnap | 1 Q'center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
|
|||||
| CVE-2018-0707 | 1 Qnap | 1 Q'center | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
|
|||||
| CVE-2018-0694 | 1 Soliton | 1 Filezen | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2018-0677 | 1 Panasonic | 2 Bn-sdwbp3, Bn-sdwbp3 Firmware | 2024-11-21 | 7.7 HIGH | 6.8 MEDIUM |
|
BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2018-0643 | 2 Canonical, Orcamo | 2 Ubuntu Linux, Online Receipt Computer Advantage | 2024-11-21 | 7.4 HIGH | 6.6 MEDIUM |
|
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2018-0639 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.
|
|||||
| CVE-2018-0638 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
|
|||||
| CVE-2018-0637 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
|
|||||
| CVE-2018-0636 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
|
|||||
| CVE-2018-0635 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
|
|||||
| CVE-2018-0634 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
|
|||||
| CVE-2018-0631 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
|
|||||
| CVE-2018-0630 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
|
|||||
| CVE-2018-0629 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
|
|||||
| CVE-2018-0628 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
|
|||||
| CVE-2018-0627 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
|
|||||
| CVE-2018-0626 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.
|
|||||
| CVE-2018-0625 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.
|
|||||
| CVE-2018-0569 | 1 Basercms | 1 Basercms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2018-0556 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2018-0545 | 1 Lxr Project | 1 Lxr | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2018-0539 | 1 Qqq Systems Project | 1 Qqq Systems | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.
|
|||||