CWE:
 

Topic
Date
Author
High
Teltonika RUT9XX Unauthenticated OS Command Injection
15.10.2018
David Gnedt
High
ISPConfig Remote Command Execution
05.10.2018
0x09AL
High
Tenable WAS-Scanner 7.4.1708 Remote Command Execution
07.09.2018
Sameer Goyal
Med.
Ghostscript Failed Restore Command Execution
07.09.2018
Tavis Ormandy
Med.
WordPress Plugin Plainview Activity Monitor 20161228 Command Injection
28.08.2018
Lydéric Lefebvre
High
D-Link EyeOn Baby Monitor (DCS-825L) Command Injection
24.08.2018
Dove Chiu
High
PLANEX CS-QR20 Command Execution
24.08.2018
Kenney Lu
High
Mutiny Monitoring Appliance Command Injection
24.08.2018
Reginald Dodd
High
ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection
16.08.2018
Kyle Lovett
High
ASUS DSL-N12E_C1 1.1.2.3_345 Remote Command Execution
03.08.2018
Fakhri Zulkifli
High
CoSoSys Endpoint Protector 4.5.0.1 Remote Root Command Injection
03.08.2018
0x09AL
High
Axis Network Camera Remote Command Execution
27.07.2018
sinn3r
High
SoftNAS Cloud OS Command Injection
27.07.2018
CORE
High
CMS Made Simple 2.2.5 Authenticated Remote Command Execution
20.07.2018
Jacob Robles
High
QNAP Q Center change_passwd Command Execution
17.07.2018
Ivan Huertas
High
Hadoop YARN ResourceManager Unauthenticated Command Execution (Metasploit)
14.07.2018
Green-m
Med.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
13.07.2018
Core Security Technolo...
High
HID discoveryd command_blink_on Unauthenticated Remote Command Execution
08.07.2018
Brendan Coles
Med.
HP VAN SDN Controller Root Command Injection
08.07.2018
Matthew Bergin
Med.
Quest KACE Systems Management Command Injection
02.07.2018
Metasploit
High
VMware NSX SD-WAN Edge Command Injection
02.07.2018
Section 8
High
Geutebruck simple_loglistjs.cgi Remote Command Execution
02.07.2018
Davy Douhine
High
TP-Link TL-WR841N V13 Command Injection
29.06.2018
Tim Coen
High
PRTG Command Injection
28.06.2018
Josh Berry
High
Quest KACE Systems Management Command Injection
27.06.2018
Brendan Coles
High
TP-Link TL-WA850RE Remote Command Execution
22.06.2018
yoresongo
High
Siaberry 1.2.2 Command Injection
13.06.2018
Space Duck
Med.
DHCP Client Command Injection (DynoRoot)
13.06.2018
Felix Wilhelm
High
Quest DR Series Disk Backup Software 4.0.3 Code Execution
01.06.2018
Core Security Technolo...
High
JDA Connect CSRF / Command Execution / Exposed JMX Service
31.05.2018
Xiaoran Wang
High
Bitmain Antminer D3/L3+/S9 Remote Command Execution
28.05.2018
CorryL
High
D-Link DSL-2750B OS Command Injection (Metasploit)
26.05.2018
Marcin Bury
High
D-Link DSL-2750B OS Command Injection
25.05.2018
Marcin Bury
High
DynoRoot DHCP Command Injection
21.05.2018
Kevin Kirsche
High
Inteno IOPSYS 2.0 4.2.0 p910nd Remote Command Execution
17.05.2018
neonsea
High
EMC RecoverPoint 4.3 Admin CLI Command Injection
12.05.2018
Paul Taylor
High
MSTAR Set-Top BOX Command Injection
04.05.2018
ivanm
High
xdebug Unauthenticated OS Command Execution
02.05.2018
Mumbai
High
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 Deserialization Remote Command Execution
29.04.2018
Liao Xinxi
High
ASUS infosvr Authentication Bypass Command Execution
22.04.2018
jduck
Med.
Moxa AWK-3131A 1.4 < 1.7 Username OS Command Injection
04.04.2018
Talos
High
Homematic CCU2 2.29.23 Remote Command Execution
31.03.2018
Patrick Muench and Gre...
High
Eclipse Equinoxe OSGi Console Command Execution
08.03.2018
Quentin Kaiser
High
ClipBucket < 4.0.0 Release 4902 Command Injection / File Upload / SQL Injection
06.03.2018
Ahmad Ramadhan Amizudi...
High
OTRS 5.0.2, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Command Injection
04.03.2018
Ali BawazeEer
High
McAfee Security Scan Plus Remote Command Execution
16.02.2018
SecuriTeam
High
NAT32 2.2 Build 22284 Remote Command Execution
14.02.2018
hyp3rlinx
High
NetEx HyperIP 6.1.0 Post-Auth Command Execution
11.02.2018
Matt Bergin
High
Geovision Inc. IP Camera / Video Server Remote Command Execution
08.02.2018
bashis
High
Geovision Inc. IP Camera Remote Command Execution / Stack Overflow
03.02.2018
bashis
High
BMC Server Automation RSCD Agent NSH Remote Command Execution
01.02.2018
Nicky Bloor
Med.
OTRS 5.0.x/6.0.x Remote Command Execution
22.01.2018
Bæln0rn
Med.
Belkin N600DB Command Injection / Backdoor
18.01.2018
Wadeek
Med.
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
16.01.2018
absolomb
High
D-Link DNS-343 ShareCenter 1.05 Command Injection
15.01.2018
GulfTech
High
D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection
15.01.2018
Phosphorus Cybersecuri...
High
Flash Operator Panel 2.31.03 Command Execution
13.01.2018
Vulnerability Lab
High
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
10.01.2018
Brendan
High
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
10.01.2018
Brendan
High
Commvault Communications Service (cvd) Command Injection
09.01.2018
b0yd
High
Oracle WebLogic < 10.3.6 wls-wsat Component Deserialisation Remote Command Execution
08.01.2018
Kevin Kirsche
High
Linksys WVBR0-25 User-Agent Command Execution
04.01.2018
HeadlessZeke
High
Cambium ePMP1000 get_chart Shell via Command Injection (Metasploit)
01.01.2018
Karn Ganeshen
High
Cambium ePMP1000 ping Shell via Command Injection (Metasploit)
01.01.2018
Karn Ganeshen
High
Cambium ePMP1000 3.1-3.5-RC7 Command Injection
31.12.2017
Karn
Med.
Cambium ePMP1000 2.5 Command Injection
31.12.2017
Karn
High
Zoom Linux Client 2.0.106600.0904 Command Injection
18.12.2017
Gabriel Quadros, Ricar...
High
ITGuard-Manager 0.0.0.1 Remote Command Execution
15.12.2017
Nassim Asrir
High
Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password
13.12.2017
Silas
High
LaCie 5big Network 2.2.8 Command Injection
07.12.2017
Timo Sablowski
High
Polycom Shell HDX Series Traceroute Command Execution
06.12.2017
staaldraad
High
OpenEMR 5.0.0 Command Injection / Cross Site Scripting
04.12.2017
Jasveer
High
Synology StorageManager 5.2 Remote Root Command Execution
29.11.2017
SecuriTeam
High
pfSense 2.3.1_1 Remote Command Execution
29.11.2017
h00die, s4squatch
High
Mako Server 2.5 OS Command Injection Remote Command Execution
17.11.2017
Steven Patterson
High
D-Link DIR-850L Unauthenticated Command Execution
14.11.2017
Zdenda
High
Mako Server 2.5 Command Injection
09.11.2017
Steven Patterson
High
pfSense 2.3.1_1 Command Execution
07.11.2017
s4squatch
High
tnftp "savefile" Arbitrary Command Execution
03.11.2017
wvu
Med.
Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation
25.10.2017
Matt Bergin
High
Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution
22.10.2017
Multiple
High
Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
18.10.2017
hyp3rlinx
High
Shadowsocks Log Manipulation / Command Execution
15.10.2017
X41 D-Sec
High
Shadowsocks-libev 3.1.0 Command Execution
15.10.2017
X41 D-Sec
High
Unitrends UEB 9.1 Unitrends bpserverd Remote Command Execution
06.10.2017
Multiple
High
Unitrends UEB 9.1 Authentication Bypass / Remote Command Execution
06.10.2017
Multiple
High
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
05.10.2017
Kacper Szurek
Med.
Fiberhome AN5506-04-F Command Injection
04.10.2017
Tauco
High
UCOPIA Wireless Appliance Restricted Shell Escape
30.09.2017
SYSDREAM
Med.
UCOPIA Wireless Appliance Privilege Escalation
30.09.2017
SYSDREAM
High
Faleemi FSC-880 CSRF / SQL Injection / Command Execution
29.09.2017
Oleg Puzanov
High
Git cvsserver Remote Command Execution
28.09.2017
joernchen
High
NodeJS Debugger Command Injection
26.09.2017
Patrick Thomas
High
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
26.09.2017
Gjoko 'LiquidWorm' Krs...
High
Infinite Automation Mango Automation Command Injection
14.09.2017
james fitts
High
Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection
13.09.2017
james fitts
High
Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution
13.09.2017
james fitts
High
Alienvault Open Source SIEM (OSSIM) < 4.7.0 get_license Remote Command Execution
13.09.2017
james fitts
High
WiseGiga NAS CSRF / LFI / Command Execution
12.09.2017
Pierre Kim
High
QNAP Transcode Server Command Execution
29.08.2017
Brendan


CVEMAP Search Results

CVE
Details
Description
2018-09-07
Medium
CVE-2018-4010

Vendor: Protonvpn
Software: Protonvpn
 

 
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.

 
Medium
CVE-2018-3952

Vendor: Nordvpn
Software: Nordvpn
 

 
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.

 
2018-08-15
Medium
CVE-2018-6973

Updating...
 

 
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

 
Medium
CVE-2018-15153

Vendor: Open-emr
Software: Openemr
 

 
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.

 
Medium
CVE-2018-15154

Vendor: Open-emr
Software: Openemr
 

 
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php.

 
Medium
CVE-2018-15155

Vendor: Open-emr
Software: Openemr
 

 
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php.

 
Medium
CVE-2018-15156

Vendor: Open-emr
Software: Openemr
 

 
OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php.

 
2018-08-05
Medium
CVE-2018-14944

Vendor: Jpeg encoder project
Software: Jpeg encoder
 

 
An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.

 
2018-08-03
High
CVE-2018-14417

Updating...
 

 
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.

 
High
CVE-2018-12483

Vendor: Ocsinventory-ng
Software: Ocsinventory ng
 

 
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top