| Risk | Topic | Date | Author |
|---|---|---|---|
| High | TrueOnline ZyXEL / Billion Command Injection / Default Credentials | 18.01.2017 | agileinfosec |
| High | BoZoN 2.4 Remote Command Execution | 18.01.2017 | hyp3rlinx |
| High | dirList 0.3.0 File Upload / Command Execution | 18.01.2017 | hyp3rlinx |
| High | Ansible 2.1.4 / 2.2.1 Command Execution | 12.01.2017 | Undisclosed at Compute... |
| High | Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064 | 05.01.2017 | Multiple |
| High | Nagios Core Curl Command Injection / Code Execution | 16.12.2016 | Dawid Golunski |
| High | Netgear R7000 Command Injection | 09.12.2016 | Acew0rm |
| High | Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution | 04.12.2016 | David Jorm |
| High | EasyPHP Devserver 16.1.1 Cross Site Request Forgery / Remote Command Execution | 23.11.2016 | hyp3rlinx |
| High | Observium Remote Command Execution | 12.11.2016 | Ronald Volgers |
| High | Avira Antivirus 15.0.21.86 Command Execution | 11.11.2016 | R-73eN |
| High | Sophos Web Appliance 4.2.1.3 Remote Code Execution | 05.11.2016 | Matt Bergin (@thatguyl... |
| High | FreePBX 10.13.66 Remote Command Execution / Privilege Escalation | 23.10.2016 | Christopher Davis |
| High | Hak5 WiFi Pineapple Preconfiguration Command Injection 2 | 19.10.2016 | catatonicprime |
| High | Hak5 WiFi Pineapple Preconfiguration Command Injection | 19.10.2016 | catatonicprime |
| High | Symantec Web Gateway 5.2.2 OS Command Injection | 07.10.2016 | Egidio Romano |
| High | Billion Router 7700NR4 Remote Root Command Execution | 07.10.2016 | R-73eN |
| High | Cisco Firepower Threat Management Command Execution | 06.10.2016 | Matt Bergin |
| High | SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection | 04.10.2016 | Pablo Artuso |
| High | SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection | 04.10.2016 | Pablo Artuso |
| High | SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection | 04.10.2016 | Pablo Artuso |
| High | Metasploit Web UI Diagnostic Console Command Execution | 23.09.2016 | Justin Steven |
| Low | WordPress InfiniteWP Admin Panel 2.8.0 Command Injection | 11.09.2016 | Sipke Mellema |
| Med. | ObiHai ObiPhone 1032/1062 XSS / CSRF / DoS / Command Injection | 23.08.2016 | David Tomaschik |
| High | SAP TREX 7.10 Revision 63 Remote Command Execution | 22.08.2016 | Multiple |
| High | QNAP QTS 4.2.1 Build 20160601 Lang Parameter Command Injection | 19.08.2016 | Sebastian Nerz |
| High | QNAP QTS 4.2.1 Build 20160601 imbgName Parameter Command Injection | 19.08.2016 | Sebastian Nerz |
| High | QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection | 19.08.2016 | Sebastian Nerz |
| High | Samsung Smart Home Camera SNH-P-6410 Command Injection | 18.08.2016 | PenTest Partners |
| High | Linksys E2500 / E1200 Command Injection | 16.08.2016 | samuelhuntley |
| High | FreePBX 13 / 14 Remote Command Execution | 13.08.2016 | pgt |
| High | NUUO Multiple OS Command Injection Vulnerabilities | 07.08.2016 | Gjoko 'LiquidWorm' Krs... |
| High | NASdeluxe NDL-2400r 2.01.10 Command Injection | 06.08.2016 | Klaus Eisentraut |
| High | ntop 2.5 Cross Site Request Forgery / Command Execution | 06.08.2016 | javutin |
| High | AXIS Authenticated Remote Command Execution | 28.07.2016 | orwelllabs |
| High | Centreon Web Interface 2.5.3 Command Execution | 28.07.2016 | Nicolas CHATELAIN |
| High | Hitron CGNV4 Modem / Router CSRF / Session Management / Command Injection | 22.07.2016 | Gergely Eberhardt |
| High | Compal CH7465LG-LC Modem / Router Session Management / Command Injection | 22.07.2016 | Gergely Eberhardt |
| High | Meinberg NTP Time Server ELX800/GPS M4x 5.30p Command Execution | 19.07.2016 | b0yd |
| Med. | PrinceXML Wrapper Class Command Injection | 08.07.2016 | Brandon Perry |
| High | Ubiquiti Administration Portal CSRF / Remote Command Execution | 29.06.2016 | Matt Bergin |
| High | Untangle NGFW 12.1.0 Beta execEvil() Command Injection | 28.06.2016 | Matt Bush |
| Med. | SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF | 24.06.2016 | Egidio Romano |
| High | Tiki-Wiki CMS Calendar Command Execution | 23.06.2016 | Dany Ouellet |
| High | phpATM 1.32 Remote Command Execution / Shell Upload | 18.06.2016 | Paolo Massenio |
| High | op5 7.1.9 Configuration Command Execution | 17.06.2016 | hyp3rlinx |
| Med. | iSQL 1.0 Shell Command Injection | 14.06.2016 | HaHwul |
| High | Apache Continuum 1.4.2 Arbitrary Command Execution | 14.06.2016 | wvu |
| High | IPFire proxy.cgi Remote Command Execution | 10.06.2016 | Yann CAM |
| Med. | IBM GPFS / Spectrum Scale Command Injection | 10.06.2016 | John Fitzpatrick |
| High | HP Data Protector Encrypted Communication Remote Command Execution | 07.06.2016 | Ian Lovering |
| High | Apache Continuum 1.4.2 Command Injection / Cross Site Scripting | 07.06.2016 | David Shanahan |
| High | Relay Ajax Directory Manager 1.5.3 File Upload / Command Execution | 02.06.2016 | RedTeam |
| High | AirOS NanoStation M2 5.6-beta File Download / Command Execution | 02.06.2016 | Pablo Rebolini |
| High | HP Data Protector A.09.00 Command Execution | 27.05.2016 | Ian Lovering |
| High | ImageMagick Delegate Arbitrary Command Execution | 07.05.2016 | hdm |
| Med. | IPFire XSS / CSRF / Command Execution | 04.05.2016 | Yann CAM |
| Med. | Zabbix Agent 3.0.1 mysql.size Shell Command Injection | 04.05.2016 | Nixu Corporation |
| Med. | PfSense Community Edition 2.2.6 CSRF / XSS / Command Injection | 18.04.2016 | Francesco Oddo |
| High | op5 7.1.9 Remote Command Execution | 06.04.2016 | hyp3rlinx |
| High | MeshCMS 3.6 Remote Command Execution | 06.04.2016 | piaox xiong |
| High | Netgear DGNv2200 Authorization Bypass / Command Injection | 22.03.2016 | 0x3d5157636b525761 |
| High | Dropbear SSHD xauth Command Injection / Bypass | 17.03.2016 | dropbear |
| High | AKIPS Network Monitor 16.5 OS Command Injection | 17.03.2016 | BrianWGray |
| High | OpenSSH 7.2p1 xauth Command Injection / Bypass | 16.03.2016 | tintinweb |
| High | Schneider Electric Building Operation Automation Server 1.6.1.5000 Escalation / Command Execution | 04.03.2016 | Karn Ganeshen |
| High | D-Link / Netgear FIRMADYNE Command Injection / Buffer Overflow | 27.02.2016 | Dominic |
| High | Centreon 2.5.3 Code Execution | 27.02.2016 | Nicolas CHATELAIN |
| Med. | phpMyBackupPro 2.5 CSRF / Remote Command Execution | 16.02.2016 | hyp3rlinx |
| High | Arris DG1670A Cable Modem Remote Command Execution | 14.02.2016 | Matt Bergin |
| High | D-Link DSL-2750B Remote Command Execution | 12.02.2016 | p@ql |
| High | File Replication Pro 7.2.0 Command Execution / File Disclosure / Traversal | 12.02.2016 | Jerold Hoong |
| High | D-Link DCS-930L Authenticated Remote Command Execution | 10.02.2016 | Nicholas |
| High | GE Industrial Solutions UPS SNMP Adapter Command Injection | 04.02.2016 | Karn Ganeshen |
| High | Apache LDAP / Directory Studio Command Injection | 05.01.2016 | Muhammad Shahmeer Amir |
| High | Geeklog 2.1.0 Command Injection | 11.12.2015 | Tim Coen |
| Med. | GoAutoDial CE 3.3 SQL Injection / Command Injection | 08.12.2015 | R-73eN |
| Low | WordPress Cool Video Gallery 1.9 Command Injection | 04.12.2015 | Larry W. Cashdollar |
| Med. | Cambium ePMP 1000 Command Injection / Privilege Escalation | 20.11.2015 | Karn Ganeshen |
| High | F5 iControl iCall::Script Root Command Execution | 19.11.2015 | tom |
| Med. | Lan Scan HD 1.20 Command Injection | 18.11.2015 | Vulnerability Lab |
| Med. | Port Scan 2.0 Command Injection | 18.11.2015 | Vulnerability Lab |
| Low | D-Link SSDP Command Injection | 17.11.2015 | Samuel Huntley |
| Low | D-Link DIR-601 Command Injection | 17.11.2015 | Samuel Huntley |
| High | D-Link DIR-818W Buffer Overflow / Command Injection | 17.11.2015 | Samuel Huntley |
| High | D-Link DIR-815 Buffer Overflow / Command Injection | 17.11.2015 | Samuel Huntley |
| High | D-Link DIR-817LW Buffer Overflow / Command Injection | 17.11.2015 | Samuel Huntley |
| High | CF Image Host 1.6.6 Command Injection | 16.11.2015 | hyp3rlinx |
| High | SAP HANA TrexNet Command Execution | 10.11.2015 | Onapsis |
| High | Linksys X2000 Command Execution | 04.11.2015 | Lorenzo Pistone |
| High | Redis Remote Command Execution | 04.11.2015 | Antirez |
| Med. | X11 Keyboard Command Injection | 16.10.2015 | xistence |
| High | ZyXEL PMG5318-B20A OS Command Injection | 16.10.2015 | Karn Ganeshen |
| High | Zhone Insecure Reference / Password Disclosure / Command Injection | 13.10.2015 | Lyon Yang |
| High | HP SiteScope DNS Tool Command Injection | 11.10.2015 | Juan Vazquez |
| High | WinRAR Settings Import Command Execution | 03.10.2015 | R-73eN |
| High | PIXORD Vehicle 3G Wi-Fi Router Command Injection / Information Disclosure | 03.10.2015 | Karn Ganeshen |
| High | WinRAR Expired Notification Command Execution | 02.10.2015 | R-73eN |
| Med. | Western Digital My Cloud Command Injection | 30.09.2015 | James Sibley |
| High | Watchguard XCS Remote Command Execution | 26.09.2015 | Daniel Jensen |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2015-02-01 | Medium | CVE-2014-7269 | Vendor: ASUS; Software: Rt-ac56s | ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
| 2014-12-27 | Medium | CVE-2013-6041 | Vendor: Softaculous; Software: Webuzo | index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. |
| 2014-12-05 | Medium | CVE-2014-7253 | Vendor: Fujitsu; Software: Arrows kiss ... | FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allow local users to execute arbitrary commands via unspecified vectors. |
| 2014-11-20 | High | CVE-2014-8387 | Vendor: Advantech; Software: Eki-6340 | cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. |
| 2014-10-31 | Medium | CVE-2014-8334 | Vendor: Wp-dbmanager project; Software: Wp-dbmanager | The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. |
| 2014-10-07 | High | CVE-2014-4868 | Vendor: Brocade; Software: Vyatta 5400 ... | The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. |
| | High | CVE-2014-5502 | Vendor: Cyberoam; Software: Cyberoam os | The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allow remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. |
| | High | CVE-2014-6434 | Vendor: Gopro; Software: Gopro hero | gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via the (1) a1 or (2) a2 parameter in a restart action. |
| 2014-08-03 | High | CVE-2013-5758 | Vendor: Yealink; Software: Sip-t38g | cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. |
| 2014-07-20 | High | CVE-2014-1987 | Vendor: Cybozu; Software: Garoon | The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. |

Copyright 2017, cxsecurity.com