CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection | 16.08.2018 | Kyle Lovett |
| High | ASUS DSL-N12E_C1 1.1.2.3_345 Remote Command Execution | 03.08.2018 | Fakhri Zulkifli |
| High | CoSoSys Endpoint Protector 4.5.0.1 Remote Root Command Injection | 03.08.2018 | 0x09AL |
| High | Axis Network Camera Remote Command Execution | 27.07.2018 | sinn3r |
| High | SoftNAS Cloud OS Command Injection | 27.07.2018 | CORE |
| High | CMS Made Simple 2.2.5 Authenticated Remote Command Execution | 20.07.2018 | Jacob Robles |
| High | QNAP Q Center change_passwd Command Execution | 17.07.2018 | Ivan Huertas |
| High | Hadoop YARN ResourceManager Unauthenticated Command Execution (Metasploit) | 14.07.2018 | Green-m |
| Med. | QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection | 13.07.2018 | Core Security Technolo... |
| High | HID discoveryd command_blink_on Unauthenticated Remote Command Execution | 08.07.2018 | Brendan Coles |
| Med. | HP VAN SDN Controller Root Command Injection | 08.07.2018 | Matthew Bergin |
| Med. | Quest KACE Systems Management Command Injection | 02.07.2018 | Metasploit |
| High | VMware NSX SD-WAN Edge Command Injection | 02.07.2018 | Section 8 |
| High | Geutebruck simple_loglistjs.cgi Remote Command Execution | 02.07.2018 | Davy Douhine |
| High | TP-Link TL-WR841N V13 Command Injection | 29.06.2018 | Tim Coen |
| High | PRTG Command Injection | 28.06.2018 | Josh Berry |
| High | Quest KACE Systems Management Command Injection | 27.06.2018 | Brendan Coles |
| High | TP-Link TL-WA850RE Remote Command Execution | 22.06.2018 | yoresongo |
| High | Siaberry 1.2.2 Command Injection | 13.06.2018 | Space Duck |
| Med. | DHCP Client Command Injection (DynoRoot) | 13.06.2018 | Felix Wilhelm |
| High | Quest DR Series Disk Backup Software 4.0.3 Code Execution | 01.06.2018 | Core Security Technolo... |
| High | JDA Connect CSRF / Command Execution / Exposed JMX Service | 31.05.2018 | Xiaoran Wang |
| High | Bitmain Antminer D3/L3+/S9 Remote Command Execution | 28.05.2018 | CorryL |
| High | D-Link DSL-2750B OS Command Injection (Metasploit) | 26.05.2018 | Marcin Bury |
| High | D-Link DSL-2750B OS Command Injection | 25.05.2018 | Marcin Bury |
| High | DynoRoot DHCP Command Injection | 21.05.2018 | Kevin Kirsche |
| High | Inteno IOPSYS 2.0 4.2.0 p910nd Remote Command Execution | 17.05.2018 | neonsea |
| High | EMC RecoverPoint 4.3 Admin CLI Command Injection | 12.05.2018 | Paul Taylor |
| High | MSTAR Set-Top BOX Command Injection | 04.05.2018 | ivanm |
| High | xdebug Unauthenticated OS Command Execution | 02.05.2018 | Mumbai |
| High | Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 Deserialization Remote Command Execution | 29.04.2018 | Liao Xinxi |
| High | ASUS infosvr Authentication Bypass Command Execution | 22.04.2018 | jduck |
| Med. | Moxa AWK-3131A 1.4 < 1.7 Username OS Command Injection | 04.04.2018 | Talos |
| High | Homematic CCU2 2.29.23 Remote Command Execution | 31.03.2018 | Patrick Muench and Gre... |
| High | Eclipse Equinoxe OSGi Console Command Execution | 08.03.2018 | Quentin Kaiser |
| High | ClipBucket < 4.0.0 Release 4902 Command Injection / File Upload / SQL Injection | 06.03.2018 | Ahmad Ramadhan Amizudi... |
| High | OTRS 5.0.2, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Command Injection | 04.03.2018 | Ali BawazeEer |
| High | McAfee Security Scan Plus Remote Command Execution | 16.02.2018 | SecuriTeam |
| High | NAT32 2.2 Build 22284 Remote Command Execution | 14.02.2018 | hyp3rlinx |
| High | NetEx HyperIP 6.1.0 Post-Auth Command Execution | 11.02.2018 | Matt Bergin |
| High | Geovision Inc. IP Camera / Video Server Remote Command Execution | 08.02.2018 | bashis |
| High | Geovision Inc. IP Camera Remote Command Execution / Stack Overflow | 03.02.2018 | bashis |
| High | BMC Server Automation RSCD Agent NSH Remote Command Execution | 01.02.2018 | Nicky Bloor |
| Med. | OTRS 5.0.x/6.0.x Remote Command Execution | 22.01.2018 | Bæln0rn |
| Med. | Belkin N600DB Command Injection / Backdoor | 18.01.2018 | Wadeek |
| Med. | pfSense 2.1.3 status_rrd_graph_img.php Command Injection | 16.01.2018 | absolomb |
| High | D-Link DNS-343 ShareCenter 1.05 Command Injection | 15.01.2018 | GulfTech |
| High | D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection | 15.01.2018 | Phosphorus Cybersecuri... |
| High | Flash Operator Panel 2.31.03 Command Execution | 13.01.2018 | Vulnerability Lab |
| High | HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution | 10.01.2018 | Brendan |
| High | HPE iMC dbman RestartDB Unauthenticated Remote Command Execution | 10.01.2018 | Brendan |
| High | Commvault Communications Service (cvd) Command Injection | 09.01.2018 | b0yd |
| High | Oracle WebLogic < 10.3.6 wls-wsat Component Deserialisation Remote Command Execution | 08.01.2018 | Kevin Kirsche |
| High | Linksys WVBR0-25 User-Agent Command Execution | 04.01.2018 | HeadlessZeke |
| High | Cambium ePMP1000 get_chart Shell via Command Injection (Metasploit) | 01.01.2018 | Karn Ganeshen |
| High | Cambium ePMP1000 ping Shell via Command Injection (Metasploit) | 01.01.2018 | Karn Ganeshen |
| High | Cambium ePMP1000 3.1-3.5-RC7 Command Injection | 31.12.2017 | Karn |
| Med. | Cambium ePMP1000 2.5 Command Injection | 31.12.2017 | Karn |
| High | Zoom Linux Client 2.0.106600.0904 Command Injection | 18.12.2017 | Gabriel Quadros, Ricar... |
| High | ITGuard-Manager 0.0.0.1 Remote Command Execution | 15.12.2017 | Nassim Asrir |
| High | Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password | 13.12.2017 | Silas |
| High | LaCie 5big Network 2.2.8 Command Injection | 07.12.2017 | Timo Sablowski |
| High | Polycom Shell HDX Series Traceroute Command Execution | 06.12.2017 | staaldraad |
| High | OpenEMR 5.0.0 Command Injection / Cross Site Scripting | 04.12.2017 | Jasveer |
| High | Synology StorageManager 5.2 Remote Root Command Execution | 29.11.2017 | SecuriTeam |
| High | pfSense 2.3.1_1 Remote Command Execution | 29.11.2017 | h00die, s4squatch |
| High | Mako Server 2.5 OS Command Injection Remote Command Execution | 17.11.2017 | Steven Patterson |
| High | D-Link DIR-850L Unauthenticated Command Execution | 14.11.2017 | Zdenda |
| High | Mako Server 2.5 Command Injection | 09.11.2017 | Steven Patterson |
| High | pfSense 2.3.1_1 Command Execution | 07.11.2017 | s4squatch |
| High | tnftp "savefile" Arbitrary Command Execution | 03.11.2017 | wvu |
| Med. | Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation | 25.10.2017 | Matt Bergin |
| High | Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution | 22.10.2017 | Multiple |
| High | Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution | 18.10.2017 | hyp3rlinx |
| High | Shadowsocks Log Manipulation / Command Execution | 15.10.2017 | X41 D-Sec |
| High | Shadowsocks-libev 3.1.0 Command Execution | 15.10.2017 | X41 D-Sec |
| High | Unitrends UEB 9.1 Unitrends bpserverd Remote Command Execution | 06.10.2017 | Multiple |
| High | Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution | 06.10.2017 | Multiple |
| High | Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution | 05.10.2017 | Kacper Szurek |
| Med. | Fiberhome AN5506-04-F Command Injection | 04.10.2017 | Tauco |
| High | UCOPIA Wireless Appliance Restricted Shell Escape | 30.09.2017 | SYSDREAM |
| Med. | UCOPIA Wireless Appliance Privilege Escalation | 30.09.2017 | SYSDREAM |
| High | Faleemi FSC-880 CSRF / SQL Injection / Command Execution | 29.09.2017 | Oleg Puzanov |
| High | Git cvsserver Remote Command Execution | 28.09.2017 | joernchen |
| High | NodeJS Debugger Command Injection | 26.09.2017 | Patrick Thomas |
| High | FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection | 26.09.2017 | Gjoko 'LiquidWorm' Krs... |
| High | Infinite Automation Mango Automation Command Injection | 14.09.2017 | james fitts |
| High | Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection | 13.09.2017 | james fitts |
| High | Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution | 13.09.2017 | james fitts |
| High | Alienvault Open Source SIEM (OSSIM) < 4.7.0 get_license Remote Command Execution | 13.09.2017 | james fitts |
| High | WiseGiga NAS CSRF / LFI / Command Execution | 12.09.2017 | Pierre Kim |
| High | QNAP Transcode Server Command Execution | 29.08.2017 | Brendan |
| High | Symantec Messaging Gateway 10.6.3-2 - Unauthenticated root Remote Command Execution | 21.08.2017 | Philip Pettersson |
| High | Ubiquiti Networks UniFi Cloud Key Firmware 0.6.1 Command Injection | 05.08.2017 | SEC |
| High | VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit) | 28.07.2017 | Brendan Coles |
| High | VICIdial user_authorization Unauthenticated Command Execution | 22.07.2017 | Brendan |
| High | Sonicwall SRA 8.1.0.2-14sv gencsr.cgi Command Injection | 21.07.2017 | xort |
| High | Sonicwall importlogo/sitecustomization Remote Command Injection | 21.07.2017 | xort |
| High | Sophos Web Appliance 4.3.0.2 trafficType Remote Command Injection | 18.07.2017 | xort |
| High | Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection | 18.07.2017 | xort |


CVEMAP Search Results

| CVE | Details | Description |
|---|---|---|
| 2018-06-28, Medium, CVE-2018-12933 | Vendor: Winehq; Software: WINE | PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index. |
| 2018-06-20, Medium, CVE-2018-12600 | Vendor: Imagemagick; Software: Imagemagick | In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. |
| Medium, CVE-2018-12599 | Vendor: Imagemagick; Software: Imagemagick | In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. |
| High, CVE-2018-6211 | Vendor: D-link; Software: Dir-620 firmware | On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. |
| High, CVE-2018-12591 | Vendor: UBNT; Software: Edgeswitch f... | Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions. |
| 2018-06-15, Medium, CVE-2018-12035 | Vendor: Virustotal; Software: YARA | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. |
| 2018-06-13, Medium, CVE-2017-3936 | Vendor: Mcafee; Software: Epolicy orch... | OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. |
| 2018-06-11, Medium, CVE-2017-5436 | Vendor: Mozilla; Software: Firefox | An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. |
| Medium, CVE-2017-5443 | Vendor: Mozilla; Software: Firefox | An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. |
| Medium, CVE-2017-7778 | Vendor: Mozilla; Software: Firefox | A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |


Copyright 2018, cxsecurity.com

 
