CWE:
 

Topic
Date
Author
High
Mako Server 2.5 OS Command Injection Remote Command Execution
17.11.2017
Steven Patterson
High
D-Link DIR-850L Unauthenticated Command Execution
14.11.2017
Zdenda
High
Mako Server 2.5 Command Injection
09.11.2017
Steven Patterson
High
pfSense 2.3.1_1 Command Execution
07.11.2017
s4squatch
High
tnftp "savefile" Arbitrary Command Execution
03.11.2017
wvu
Med.
Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation
25.10.2017
Matt Bergin
High
Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution
22.10.2017
Multiple
High
Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
18.10.2017
hyp3rlinx
High
Shadowsocks Log Manipulation / Command Execution
15.10.2017
X41 D-Sec
High
Shadowsocks-libev 3.1.0 Command Execution
15.10.2017
X41 D-Sec
High
Unitrends UEB 9.1 Unitrends bpserverd Remote Command Execution
06.10.2017
Multiple
High
Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution
06.10.2017
Multiple
High
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
05.10.2017
Kacper Szurek
Med.
Fiberhome AN5506-04-F Command Injection
04.10.2017
Tauco
High
UCOPIA Wireless Appliance Restricted Shell Escape
30.09.2017
SYSDREAM
Med.
UCOPIA Wireless Appliance Privilege Escalation
30.09.2017
SYSDREAM
High
Faleemi FSC-880 CSRF / SQL Injection / Command Execution
29.09.2017
Oleg Puzanov
High
Git cvsserver Remote Command Execution
28.09.2017
joernchen
High
NodeJS Debugger Command Injection
26.09.2017
Patrick Thomas
High
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
26.09.2017
Gjoko 'LiquidWorm' Krs...
High
Infinite Automation Mango Automation Command Injection
14.09.2017
james fitts
High
Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection
13.09.2017
james fitts
High
Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution
13.09.2017
james fitts
High
Alienvault Open Source SIEM (OSSIM) < 4.7.0 get_license Remote Command Execution
13.09.2017
james fitts
High
WiseGiga NAS CSRF / LFI / Command Execution
12.09.2017
Pierre Kim
High
QNAP Transcode Server Command Execution
29.08.2017
Brendan
High
Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution
21.08.2017
Philip Pettersson
High
Ubiquiti Networks UniFi Cloud Key Firmware 0.6.1 Command Injection
05.08.2017
SEC
High
VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit)
28.07.2017
Brendan Coles
High
VICIdial user_authorization Unauthenticated Command Execution
22.07.2017
Brendan
High
Sonicwall SRA 8.1.0.2-14sv gencsr.cgi Command Injection
21.07.2017
xort
High
Sonicwall importlogo/sitecustomization Remote Command Injection
21.07.2017
xort
High
Sophos Web Appliance 4.3.0.2 trafficType Remote Command Injection
18.07.2017
xort
High
Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection
18.07.2017
xort
High
NfSec 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection
11.07.2017
Paul Taylor
High
NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection
11.07.2017
Paul Taylor
High
PDNS Manager Remote Command Execution
06.07.2017
RedTeam Pentesting
High
GoAutoDial 3.3 Authentication Bypass / Command Injection
05.07.2017
Chris McCurley
High
Netgear DGN2200 dnslookup.cgi Command Injection
27.06.2017
thecarterb
High
Netgear DGN2200 dnslookup.cgi Command Injection
25.06.2017
SivertPL
High
Atlassian SourceTree 2.5c Command Execution
23.05.2017
Alfred and Sandro
High
WordPress PHPMailer Host Header Command Injection
17.05.2017
wvu
High
Serviio Media Server checkStreamUrl Command Execution
17.05.2017
Brendan Coles
High
I, Librarian PDF Manager 4.6 / 4.7 Command Injection / SSRF / Enumeration
10.05.2017
SE Consult
Med.
Atlassian SourceTree 2.5c Client URL Handler Command Injection
05.05.2017
redrain
High
Ghostscript 9.21 Type Confusion Arbitrary Command Execution
02.05.2017
hdm
Med.
Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection
28.04.2017
David Tomaschik
Med.
WePresent WiPG-1000 Command Injection
25.04.2017
Matthias Brun
Med.
Solarwinds LEM 6.3.1 Shell Escape Command Injection
25.04.2017
Matt Bergin
High
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
19.04.2017
Roberto Suggi Liverani...
High
Huawei HG532n Command Injection
18.04.2017
Ahmed S. Darwish
High
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
14.04.2017
Peter Lapp
High
EON 5.0 Remote Code Execution
24.03.2017
SYSDREAM Labs
High
Logsign Remote Command Injection
24.03.2017
Mehmet Ince
High
dnaLIMS Admin Module Command Execution
21.03.2017
flakey_biscuit
High
Ubiquiti Networks Command Injection
18.03.2017
T. Weber
High
Netgear R7000 / R6400 cgi-bin Command Injection
14.03.2017
thecarterb
High
Wireless IP Camera (P2P) WIFICAM GoAhead Backdoor / Remote Command Execution
10.03.2017
Pierre Kim
High
Struts2 S2-045 Remote Command Execution
08.03.2017
dsaw dash
High
Bull / IBM AIX Clusterwatch / Watchware File Write / Command Injection
08.03.2017
RandoriSec
High
Western Digital My Cloud Command Injection / File Upload
08.03.2017
Wan Ikram
High
NetGain Enterprise Manager 7.2.562 Command Execution
04.03.2017
MrChaZ
High
Netgear DGN2201 v1/v2/v3/v4 dnslookup.cgi Remote Command Execution
27.02.2017
SivertPL
High
Sonicwall SRA 8.1.0.2-14sv viewcert.cgi Remote Command Execution
24.02.2017
xort
High
Sophos Web Appliance 4.2.1.3 Remote Command Execution
24.02.2017
xort @ Critical Start
High
Siklu EtherHaul Remote Command Execution
24.02.2017
Ian Ling
Med.
QNAP QTS 4.2.x XSS / Command Injection / Transport Issues
18.02.2017
Harry Sintonen
Med.
TP-Link C2 / C20i Command Injection / Denial Of Service
10.02.2017
Pierre Kim
High
Cisco WebEx Chrome Extension Remote Command Execution
01.02.2017
William Webb
High
TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection
01.02.2017
Pedro Ribeiro
High
TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection
01.02.2017
Pedro Ribeiro
High
TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection
01.02.2017
Pedro Ribeiro
High
Sophos Web Appliance 4.2.1.3 Remote Command Injection
31.01.2017
Russell Sanford
High
OPSI Managed Client Remote Command Execution
31.01.2017
Simon Bieber
High
TrueOnline ZyXEL / Billion Command Injection / Default Credentials
18.01.2017
agileinfosec
High
BoZoN 2.4 Remote Command Execution
18.01.2017
hyp3rlinx
High
dirList 0.3.0 File Upload / Command Execution
18.01.2017
hyp3rlinx
High
Ansible 2.1.4 / 2.2.1 Command Execution
12.01.2017
Undisclosed at Compute...
High
Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064
05.01.2017
Multiple
High
Nagios Core Curl Command Injection / Code Execution
16.12.2016
Dawid Golunski
High
Netgear R7000 Command Injection
09.12.2016
Acew0rm
High
Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution
04.12.2016
David Jorm
High
EasyPHP Devserver 16.1.1 Cross Site Request Forgery / Remote Command Execution
23.11.2016
hyp3rlinx
High
Observium Remote Command Execution
12.11.2016
Ronald Volgers
High
Avira Antivirus 15.0.21.86 Command Execution
11.11.2016
R-73eN
High
Sophos Web Appliance 4.2.1.3 Remote Code Execution
05.11.2016
Matt Bergin (@thatguyl...
High
FreePBX 10.13.66 Remote Command Execution / Privilege Escalation
23.10.2016
Christopher Davis
High
Hak5 WiFi Pineapple Preconfiguration Command Injection 2
19.10.2016
catatonicprime
High
Hak5 WiFi Pineapple Preconfiguration Command Injection
19.10.2016
catatonicprime
High
Symantec Web Gateway 5.2.2 OS Command Injection
07.10.2016
Egidio Romano.
High
Billion Router 7700NR4 Remote Root Command Execution
07.10.2016
R-73eN
High
Cisco Firepower Threat Management Command Execution
06.10.2016
Matt Bergin
High
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection
04.10.2016
Pablo Artuso
High
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection
04.10.2016
Pablo Artuso
High
SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection
04.10.2016
Pablo Artuso
High
Metasploit Web UI Diagnostic Console Command Execution
23.09.2016
Justin Steven
Low
WordPress InfiniteWP Admin Panel 2.8.0 Command Injection
11.09.2016
Sipke Mellema
Med.
ObiHai ObiPhone 1032/1062 XSS / CSRF / DoS / Command Injection
23.08.2016
David Tomaschik
High
SAP TREX 7.10 Revision 63 Remote Command Execution
22.08.2016
Multiple
High
QNAP QTS 4.2.1 Build 20160601 Lang Parameter Command Injection
19.08.2016
Sebastian Nerz


CVEMAP Search Results

CVE
Details
Description
2017-10-30
Medium
CVE-2017-1000255

Vendor: Linux
Software: Linux kernel
 

 
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable.

 
2017-10-27
Medium
CVE-2017-5056

Vendor: Google
Software: Chrome
 

 
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

 
2017-09-17
Medium
CVE-2017-14500

Vendor: Newsbeuter
Software: Newsbeuter
 

 
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.

 
2017-09-08
Medium
CVE-2017-14167

Vendor: QEMU
Software: QEMU
 

 
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.

 
2017-06-17
Medium
CVE-2017-9736

Vendor: SPIP
Software: SPIP
 

 
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.

 
2017-05-10
Medium
CVE-2017-5461

Vendor: Mozilla
Software: Network secu...
 

 
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

 
2017-04-24
Medium
CVE-2017-8105

Vendor: Freetype
Software: Freetype
 

 
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.

 
Medium
CVE-2017-5029

Vendor: Xmlsoft
Software: Libxslt
 

 
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

 
Medium
CVE-2017-5032

Vendor: Google
Software: Chrome
 

 
PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

 
2017-04-15
Medium
CVE-2017-7882

Vendor: Libreoffice
Software: Libreoffice
 

 
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

 

 


Copyright 2017, cxsecurity.com

 

Back to Top