Total
2452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-46552 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2023-02-09 | N/A | 8.8 HIGH |
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | |||||
CVE-2023-23692 | 1 Dell | 1 Emc Data Domain Os | 2023-02-08 | N/A | 8.8 HIGH |
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
CVE-2022-42484 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-42491 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's M2M_CONFIG_SET command | |||||
CVE-2022-42493 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_INFO command. | |||||
CVE-2022-42492 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_AD command. | |||||
CVE-2022-42490 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command | |||||
CVE-2022-48069 | 1 Totolink | 2 A830r, A830r Firmware | 2023-02-06 | N/A | 7.5 HIGH |
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. | |||||
CVE-2023-24422 | 1 Jenkins | 1 Script Security | 2023-02-03 | N/A | 8.8 HIGH |
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
CVE-2022-48070 | 1 Phicomm | 2 K2, K2 Firmware | 2023-02-03 | N/A | 7.8 HIGH |
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | |||||
CVE-2022-48072 | 1 Phicomm | 2 K2, K2 Firmware | 2023-02-03 | N/A | 7.8 HIGH |
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | |||||
CVE-2018-4010 | 1 Protonvpn | 1 Protonvpn | 2023-02-03 | 9.3 HIGH | 7.8 HIGH |
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges. | |||||
CVE-2020-10882 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2023-02-03 | 8.3 HIGH | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. | |||||
CVE-2019-16965 | 1 Fusionpbx | 1 Fusionpbx | 2023-02-03 | 9.0 HIGH | 7.2 HIGH |
resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data. | |||||
CVE-2019-7383 | 1 Systrome | 6 Cumilon Isg-600c, Cumilon Isg-600c Firmware, Cumilon Isg-600h and 3 more | 2023-02-03 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1_TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/isp_update_edit.php does not properly validate user input, which leads to shell command injection via the des parameter. | |||||
CVE-2022-42496 | 1 Kujirahand | 1 Nadesiko3 | 2023-02-03 | N/A | 9.8 CRITICAL |
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. | |||||
CVE-2019-19034 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2023-02-03 | 6.5 MEDIUM | 7.2 HIGH |
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges. | |||||
CVE-2020-10808 | 1 Vestacp | 1 Vesta Control Panel | 2023-02-03 | 9.0 HIGH | 8.8 HIGH |
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. | |||||
CVE-2022-41751 | 3 Debian, Fedoraproject, Jhead Project | 3 Debian Linux, Fedora, Jhead | 2023-02-03 | N/A | 7.8 HIGH |
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. | |||||
CVE-2018-3836 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2023-02-03 | 7.2 HIGH | 7.8 HIGH |
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. |