| Risk | Topic | Date | Author |
|------|-------|------|--------|
| High | McAfee Security Scan Plus Remote Command Execution | 16.02.2018 | SecuriTeam |
| High | NAT32 2.2 Build 22284 Remote Command Execution | 14.02.2018 | hyp3rlinx |
| High | NetEx HyperIP 6.1.0 Post-Auth Command Execution | 11.02.2018 | Matt Bergin |
| High | Geovision Inc. IP Camera / Video Server Remote Command Execution | 08.02.2018 | bashis |
| High | Geovision Inc. IP Camera Remote Command Execution / Stack Overflow | 03.02.2018 | bashis |
| High | BMC Server Automation RSCD Agent NSH Remote Command Execution | 01.02.2018 | Nicky Bloor |
| Med. | OTRS 5.0.x/6.0.x Remote Command Execution | 22.01.2018 | Bæln0rn |
| Med. | Belkin N600DB Command Injection / Backdoor | 18.01.2018 | Wadeek |
| Med. | pfSense 2.1.3 status_rrd_graph_img.php Command Injection | 16.01.2018 | absolomb |
| High | D-Link DNS-343 ShareCenter 1.05 Command Injection | 15.01.2018 | GulfTech |
| High | D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection | 15.01.2018 | Phosphorus Cybersecuri... |
| High | Flash Operator Panel 2.31.03 Command Execution | 13.01.2018 | Vulnerability Lab |
| High | HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution | 10.01.2018 | Brendan |
| High | HPE iMC dbman RestartDB Unauthenticated Remote Command Execution | 10.01.2018 | Brendan |
| High | Commvault Communications Service (cvd) Command Injection | 09.01.2018 | b0yd |
| High | Oracle WebLogic < 10.3.6 wls-wsat Component Deserialisation Remote Command Execution | 08.01.2018 | Kevin Kirsche |
| High | Linksys WVBR0-25 User-Agent Command Execution | 04.01.2018 | HeadlessZeke |
| High | Cambium ePMP1000 get_chart Shell via Command Injection (Metasploit) | 01.01.2018 | Karn Ganeshen |
| High | Cambium ePMP1000 ping Shell via Command Injection (Metasploit) | 01.01.2018 | Karn Ganeshen |
| High | Cambium ePMP1000 3.1-3.5-RC7 Command Injection | 31.12.2017 | Karn |
| Med. | Cambium ePMP1000 2.5 Command Injection | 31.12.2017 | Karn |
| High | Zoom Linux Client 2.0.106600.0904 Command Injection | 18.12.2017 | Gabriel Quadros, Ricar... |
| High | ITGuard-Manager 0.0.0.1 Remote Command Execution | 15.12.2017 | Nassim Asrir |
| High | Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password | 13.12.2017 | Silas |
| High | LaCie 5big Network 2.2.8 Command Injection | 07.12.2017 | Timo Sablowski |
| High | Polycom Shell HDX Series Traceroute Command Execution | 06.12.2017 | staaldraad |
| High | OpenEMR 5.0.0 Command Injection / Cross Site Scripting | 04.12.2017 | Jasveer |
| High | Synology StorageManager 5.2 Remote Root Command Execution | 29.11.2017 | SecuriTeam |
| High | pfSense 2.3.1_1 Remote Command Execution | 29.11.2017 | h00die, s4squatch |
| High | Mako Server 2.5 OS Command Injection Remote Command Execution | 17.11.2017 | Steven Patterson |
| High | D-Link DIR-850L Unauthenticated Command Execution | 14.11.2017 | Zdenda |
| High | Mako Server 2.5 Command Injection | 09.11.2017 | Steven Patterson |
| High | pfSense 2.3.1_1 Command Execution | 07.11.2017 | s4squatch |
| High | tnftp "savefile" Arbitrary Command Execution | 03.11.2017 | wvu |
| Med. | Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation | 25.10.2017 | Matt Bergin |
| High | Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution | 22.10.2017 | Multiple |
| High | Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution | 18.10.2017 | hyp3rlinx |
| High | Shadowsocks Log Manipulation / Command Execution | 15.10.2017 | X41 D-Sec |
| High | Shadowsocks-libev 3.1.0 Command Execution | 15.10.2017 | X41 D-Sec |
| High | Unitrends UEB 9.1 Unitrends bpserverd Remote Command Execution | 06.10.2017 | Multiple |
| High | Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution | 06.10.2017 | Multiple |
| High | Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution | 05.10.2017 | Kacper Szurek |
| Med. | Fiberhome AN5506-04-F Command Injection | 04.10.2017 | Tauco |
| High | UCOPIA Wireless Appliance Restricted Shell Escape | 30.09.2017 | SYSDREAM |
| Med. | UCOPIA Wireless Appliance Privilege Escalation | 30.09.2017 | SYSDREAM |
| High | Faleemi FSC-880 CSRF / SQL Injection / Command Execution | 29.09.2017 | Oleg Puzanov |
| High | Git cvsserver Remote Command Execution | 28.09.2017 | joernchen |
| High | NodeJS Debugger Command Injection | 26.09.2017 | Patrick Thomas |
| High | FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection | 26.09.2017 | Gjoko 'LiquidWorm' Krs... |
| High | Infinite Automation Mango Automation Command Injection | 14.09.2017 | james fitts |
| High | Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection | 13.09.2017 | james fitts |
| High | Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution | 13.09.2017 | james fitts |
| High | Alienvault Open Source SIEM (OSSIM) < 4.7.0 get_license Remote Command Execution | 13.09.2017 | james fitts |
| High | WiseGiga NAS CSRF / LFI / Command Execution | 12.09.2017 | Pierre Kim |
| High | QNAP Transcode Server Command Execution | 29.08.2017 | Brendan |
| High | Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution | 21.08.2017 | Philip Pettersson |
| High | Ubiquiti Networks UniFi Cloud Key Firmware 0.6.1 Command Injection | 05.08.2017 | SEC |
| High | VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit) | 28.07.2017 | Brendan Coles |
| High | VICIdial user_authorization Unauthenticated Command Execution | 22.07.2017 | Brendan |
| High | Sonicwall SRA 8.1.0.2-14sv gencsr.cgi Command Injection | 21.07.2017 | xort |
| High | Sonicwall importlogo/sitecustomization Remote Command Injection | 21.07.2017 | xort |
| High | Sophos Web Appliance 4.3.0.2 trafficType Remote Command Injection | 18.07.2017 | xort |
| High | Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection | 18.07.2017 | xort |
| High | NfSec 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection | 11.07.2017 | Paul Taylor |
| High | NfSen <= 1.3.7 / AlienVault OSSIM 5.3.4 - Command Injection | 11.07.2017 | Paul Taylor |
| High | PDNS Manager Remote Command Execution | 06.07.2017 | RedTeam Pentesting |
| High | GoAutoDial 3.3 Authentication Bypass / Command Injection | 05.07.2017 | Chris McCurley |
| High | Netgear DGN2200 dnslookup.cgi Command Injection | 27.06.2017 | thecarterb |
| High | Netgear DGN2200 dnslookup.cgi Command Injection | 25.06.2017 | SivertPL |
| High | Atlassian SourceTree 2.5c Command Execution | 23.05.2017 | Alfred and Sandro |
| High | WordPress PHPMailer Host Header Command Injection | 17.05.2017 | wvu |
| High | Serviio Media Server checkStreamUrl Command Execution | 17.05.2017 | Brendan Coles |
| High | I, Librarian PDF Manager 4.6 / 4.7 Command Injection / SSRF / Enumeration | 10.05.2017 | SE Consult |
| Med. | Atlassian SourceTree 2.5c Client URL Handler Command Injection | 05.05.2017 | redrain |
| High | Ghostscript 9.21 Type Confusion Arbitrary Command Execution | 02.05.2017 | hdm |
| Med. | Alerton Webtalk 2.5 / 3.3 Hash Disclosure / CSRF / Command Injection | 28.04.2017 | David Tomaschik |
| Med. | WePresent WiPG-1000 Command Injection | 25.04.2017 | Matthias Brun |
| Med. | Solarwinds LEM 6.3.1 Shell Escape Command Injection | 25.04.2017 | Matt Bergin |
| High | Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution | 19.04.2017 | Roberto Suggi Liverani... |
| High | Huawei HG532n Command Injection | 18.04.2017 | Ahmed S. Darwish |
| High | AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution | 14.04.2017 | Peter Lapp |
| High | EON 5.0 Remote Code Execution | 24.03.2017 | SYSDREAM Labs |
| High | Logsign Remote Command Injection | 24.03.2017 | Mehmet Ince |
| High | dnaLIMS Admin Module Command Execution | 21.03.2017 | flakey_biscuit |
| High | Ubiquiti Networks Command Injection | 18.03.2017 | T. Weber |
| High | Netgear R7000 / R6400 cgi-bin Command Injection | 14.03.2017 | thecarterb |
| High | Wireless IP Camera (P2P) WIFICAM GoAhead Backdoor / Remote Command Execution | 10.03.2017 | Pierre Kim |
| High | Struts2 S2-045 Remote Command Execution | 08.03.2017 | dsaw dash |
| High | Bull / IBM AIX Clusterwatch / Watchware File Write / Command Injection | 08.03.2017 | RandoriSec |
| High | Western Digital My Cloud Command Injection / File Upload | 08.03.2017 | Wan Ikram |
| High | NetGain Enterprise Manager 7.2.562 Command Execution | 04.03.2017 | MrChaZ |
| High | Netgear DGN2201 v1/v2/v3/v4 dnslookup.cgi Remote Command Execution | 27.02.2017 | SivertPL |
| High | Sonicwall SRA 8.1.0.2-14sv viewcert.cgi Remote Command Execution | 24.02.2017 | xort |
| High | Sophos Web Appliance 4.2.1.3 Remote Command Execution | 24.02.2017 | xort @ Critical Start |
| High | Siklu EtherHaul Remote Command Execution | 24.02.2017 | Ian Ling |
| Med. | QNAP QTS 4.2.x XSS / Command Injection / Transport Issues | 18.02.2017 | Harry Sintonen |
| Med. | TP-Link C2 / C20i Command Injection / Denial Of Service | 10.02.2017 | Pierre Kim |
| High | Cisco WebEx Chrome Extension Remote Command Execution | 01.02.2017 | William Webb |
| High | TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection | 01.02.2017 | Pedro Ribeiro |
| High | TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection | 01.02.2017 | Pedro Ribeiro |

CVEMAP Search Results

| Date | Severity | CVE | Vendor | Software | Description |
|------|----------|-----|--------|----------|-------------|
| 2018-01-30 | Medium | CVE-2017-17969 | 7-zip | 7-zip | Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. |
| 2018-01-29 | Medium | CVE-2018-3835 | Disneyanimation | PTEX | An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution. |
| | High | CVE-2018-6388 | Iball | Ib-wra150n f... | iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. |
| 2018-01-27 | Medium | CVE-2018-6353 | Electrum | Electrum | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. |
| 2018-01-26 | High | CVE-2018-0506 | Nootka project | Nootka | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
| 2018-01-25 | High | CVE-2017-1000393 | Jenkins | Jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. |
| 2018-01-24 | High | CVE-2017-1000502 | Jenkins | EC2 | Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. |
| | High | CVE-2018-1000006 | ATOM | Electron | GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. |
| 2018-01-21 | High | CVE-2016-10709 | Pfsense | Pfsense | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '\|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. |
| 2018-01-18 | Medium | CVE-2018-0115 | Cisco | Staros | A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332. |

Copyright 2018, cxsecurity.com

 
