Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50809 | 2024-11-18 | N/A | 8.8 HIGH | ||
|
The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands
|
|||||
| CVE-2024-11065 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
|
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
|
|||||
| CVE-2024-11064 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
|
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
|
|||||
| CVE-2024-11063 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
|
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
|
|||||
| CVE-2024-11062 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
|
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
|
|||||
| CVE-2005-10003 | 1 Mikexstudios | 1 Xcomic | 2024-11-14 | 5.1 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da9 ...
Show More |
|||||
| CVE-2024-8881 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2024-11-14 | N/A | 6.8 MEDIUM |
|
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
|
|||||
| CVE-2024-46890 | 1 Siemens | 1 Sinec Ins | 2024-11-13 | N/A | 9.1 CRITICAL |
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.
|
|||||
| CVE-2024-11046 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2024-11-13 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-45765 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-13 | N/A | 7.2 HIGH |
|
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.
|
|||||
| CVE-2024-45763 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-13 | N/A | 7.2 HIGH |
|
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
|
|||||
| CVE-2024-45827 | 2024-11-12 | N/A | 8.0 HIGH | ||
|
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command.
|
|||||
| CVE-2024-10919 | 1 Didi | 1 Super-jacoco | 2024-11-08 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10915 | 1 Dlink | 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more | 2024-11-08 | 7.6 HIGH | 9.8 CRITICAL |
|
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-29120 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | N/A | 8.8 HIGH |
|
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
|
|||||
| CVE-2024-51661 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-08 | N/A | 7.2 HIGH |
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19.
|
|||||
| CVE-2024-51252 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 9.8 CRITICAL |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function.
|
|||||
| CVE-2024-51248 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function.
|
|||||
| CVE-2024-51247 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function.
|
|||||
| CVE-2024-51245 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
|
In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
|
|||||
| CVE-2024-51244 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-11-05 | N/A | 8.8 HIGH |
|
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
|
|||||
| CVE-2024-37845 | 1 Radixiot | 1 Mango | 2024-11-04 | N/A | 7.2 HIGH |
|
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
|
|||||
| CVE-2024-10653 | 2024-11-04 | N/A | 7.2 HIGH | ||
|
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server.
|
|||||
| CVE-2024-10119 | 1 Zte | 2 Wrtm326, Wrtm326 Firmware | 2024-11-01 | N/A | 9.8 CRITICAL |
|
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.
|
|||||
| CVE-2024-20424 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-01 | N/A | 9.9 CRITICAL |
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then ...
Show More |
|||||
| CVE-2024-9793 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2024-11-01 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-36060 | 2024-11-01 | N/A | 8.8 HIGH | ||
|
EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters.
|
|||||
| CVE-2024-8934 | 2024-11-01 | N/A | 6.5 MEDIUM | ||
|
A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed.
|
|||||
| CVE-2024-47901 | 1 Siemens | 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware | 2024-10-30 | N/A | 9.8 CRITICAL |
|
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level. In combination with other vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904) this could allow ...
Show More |
|||||
| CVE-2024-48963 | 1 Snyk | 1 Snyk Cli | 2024-10-30 | N/A | 9.8 CRITICAL |
|
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
|
|||||
| CVE-2024-48964 | 1 Snyk | 1 Snyk Cli | 2024-10-30 | N/A | 8.8 HIGH |
|
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
|
|||||
| CVE-2024-48459 | 2024-10-29 | N/A | 7.3 HIGH | ||
|
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and further obtain shell access to the router's file system with the highest privileges.
|
|||||
| CVE-2024-45242 | 2024-10-28 | N/A | 7.8 HIGH | ||
|
EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions.
|
|||||
| CVE-2024-10202 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | N/A | 8.8 HIGH |
|
Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.
|
|||||
| CVE-2024-20461 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-22 | N/A | 6.0 MEDIUM |
|
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user.
This vulnerability exists because CLI input is not properly sanitized. An attacker could exploit this vulnerability by sending malicious characters to the CLI. A successful exploit could allow the attacker to read and write to the underlying operating system as the root user.
|
|||||
| CVE-2024-20459 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-22 | N/A | 7.2 HIGH |
|
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlying operating system.
This vulnerability is due to a lack of input sanitization in the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A success ...
Show More |
|||||
| CVE-2024-20458 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-22 | N/A | 8.2 HIGH |
|
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device.
This vulnerability is due to a lack of authentication on specific HTTP endpoints. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view or delete the configuration or change the f ...
Show More |
|||||
| CVE-2024-10118 | 2024-10-18 | N/A | 9.8 CRITICAL | ||
|
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
|
|||||
| CVE-2024-9464 | 1 Paloaltonetworks | 1 Expedition | 2024-10-17 | N/A | 6.5 MEDIUM |
|
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
|
|||||
| CVE-2024-9916 | 1 Usualtool | 1 Usualtoolcms | 2024-10-16 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||