Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8438 | 1 Arris | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2020-01-31 | 9.0 HIGH | 7.2 HIGH |
| Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. | |||||
| CVE-2013-2573 | 1 Tp-link | 6 Tl-sc 3130g, Tl-sc 3130g Firmware, Tl-sc 3171g and 3 more | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code. | |||||
| CVE-2013-1598 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2020-01-31 | 9.0 HIGH | 8.8 HIGH |
| A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code. | |||||
| CVE-2019-19897 | 1 Ixpdata | 1 Easyinstall | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function. | |||||
| CVE-2019-17096 | 1 Bitdefender | 3 Box 2, Box 2 Firmware, Central | 2020-01-31 | 9.3 HIGH | 9.8 CRITICAL |
| A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command. | |||||
| CVE-2019-20217 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | |||||
| CVE-2019-20216 | 1 Dlink | 2 Dir-859, Dir-859 Firmware | 2020-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker to concatenate arbitrary commands separated by shell metacharacters. | |||||
| CVE-2013-2060 | 1 Redhat | 1 Openshift | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | |||||
| CVE-2019-10780 | 1 Bibtex-ruby Project | 1 Bibtex-ruby | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | |||||
| CVE-2013-2612 | 1 Huawei | 2 E587, E587 Firmware | 2020-01-30 | 10.0 HIGH | 9.8 CRITICAL |
| Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | |||||
| CVE-2012-4981 | 1 Toshiba | 1 Configfree | 2020-01-30 | 6.8 MEDIUM | 8.8 HIGH |
| Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability | |||||
| CVE-2020-7594 | 1 Multitech | 2 Conduit Mtcdt-lvw2-246a, Conduit Mtcdt-lvw2-246a Firmware | 2020-01-29 | 9.0 HIGH | 7.2 HIGH |
| MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | |||||
| CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | |||||
| CVE-2019-19841 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. | |||||
| CVE-2019-19842 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. | |||||
| CVE-2020-7244 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
| CVE-2020-7243 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
| CVE-2020-7242 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
| CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | |||||
| CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | |||||