CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| High | ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution | 15.10.2019 | Matheus Vrech |
| High | Ajenti Remote Command Execution | 12.10.2019 | Jeremy Brown |
| High | CA Network Flow Analysis 9.x / 10.0.x Remote Command Execution | 06.10.2019 | Kevin Kotas |
| High | vBulletin 5.x 0-Day Pre-Auth Remote Command Execution | 27.09.2019 | r00tpgp |
| High | ACTi ACM-5611 Video Camera Remote Command Execution | 27.09.2019 | Todor Donev |
| Med. | ACTi ACD-2100 Video Encoder Remote Command Execution | 27.09.2019 | Todor Donev |
| High | NPMJS gitlabhook 0.0.17 Remote Command Execution | 26.09.2019 | Semen Alexandrovich Ly... |
| High | ACTi ACM-3100 Camera Remote Command Execution | 26.09.2019 | Todor Donev |
| High | NPMJS gitlabhook 0.0.17 repository Remote Command Execution | 25.09.2019 | Semen Alexandrovich Ly... |
| High | Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution | 24.09.2019 | James Bercegay |
| High | Opencart 2.3.0.2 Pre-Auth Remote Command Execution | 12.09.2019 | Todor Donev |
| Med. | LibreNMS Collectd Command Injection | 08.09.2019 | Eldar Marcussen |
| Med. | AwindInc SNMP Service Command Injection (Metasploit) | 06.09.2019 | Quentin |
| Med. | AwindInc SNMP Service Command Injection | 05.09.2019 | Quentin Kaiser |
| High | Cisco RV110W / RV130(W) / RV215W Remote Command Execution | 03.09.2019 | Quentin Kaiser |
| Med. | Cisco UCS / IMC Supervisor Authentication Bypass / Command Injection | 29.08.2019 | Pedro Ribeiro |
| High | EyesOfNetwork 5.1 Remote Command Execution | 17.08.2019 | Nassim Asrir |
| High | Mitsubishi Electric smartRTU / INEA ME-RTU Unauthenticated OS Command Injection Bind Shell | 14.08.2019 | xerubus |
| Med. | Mitel 6869i Voip Deskphone 4.2.2032 Command Injection | 12.08.2019 | Axel Rengstorf |
| High | ATutor 2.2.4 Arbitrary File Upload / Command Execution | 06.08.2019 | liquidsky |
| Med. | KDE 4/5 KDesktopFile Command Injection | 06.08.2019 | Dominik Penner |
| High | Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution | 06.08.2019 | Todor Donev |
| High | Apache Tika 1.17 Header Command Injection | 03.08.2019 | h00die |
| High | Sar2HTML 3.2.1 Remote Command Execution | 03.08.2019 | Furkan Kayapinar |
| High | Veritas Resiliency Platform (VRP) Traversal / Command Execution | 01.08.2019 | David Dillard |
| High | Sahi Pro 8.0.0 Remote Command Execution | 25.07.2019 | Özkan Mustafa Akkuş ... |
| High | PHP Laravel Framework Token Unserialize Remote Command Execution | 16.07.2019 | aushack |
| High | Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution | 16.07.2019 | Chris Lyne |
| High | Xymon 4.3.25 useradm Command Execution (Metasploit) | 12.07.2019 | Anonymous |
| High | Linux Mint 18.3-19.1 yelp Command Injection (Metasploit) | 05.07.2019 | b1ackr0wl |
| Med. | Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation | 01.07.2019 | timwr |
| High | Linux Mint 19.1 yelp Command Injection | 01.07.2019 | b1ack0wl |
| High | FaceSentry Access Control System 6.4.8 Remote Command Injection | 01.07.2019 | LiquidWorm |
| High | SAPIDO RB-1732 Remote Command Execution | 27.06.2019 | k1nm3n.aotoi |
| High | Fortinet FCM-MB40 Cross Site Request Forgery / Remote Command Execution | 26.06.2019 | XORcat |
| High | FortiCam FCM-MB40 Code Execution / Privilege Escalation | 25.06.2019 | XORcat |
| High | FusionPBX 4.4.3 Remote Command Execution | 13.06.2019 | Dustin Cobb |
| Low | Moxa AWK-3121 1.14 Information Disclosure / Command Execution | 12.06.2019 | Samuel Huntley |
| High | Exim 4.9.1 Remote Command Execution | 07.06.2019 | Qualys |
| High | LibreNMS addhost Command Injection | 06.06.2019 | Shelby Pace |
| High | Firefly CMS 1.0 Remote Command Execution | 13.05.2019 | Felipe Andrian Peixoto |
| Med. | Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure | 11.05.2019 | TING Meng Yean |
| High | PostgreSQL 9.3 COPY FROM PROGRAM Command Execution (Metasploit) | 11.05.2019 | Jacob Wilki |
| High | PostgreSQL COPY FROM PROGRAM Command Execution | 08.05.2019 | Jacob Wilkin |
| Med. | D-Link DWL-2600AP Authenticated OS Command Injection | 07.05.2019 | Raki Ben Hamouda |
| Med. | Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection | 04.05.2019 | Jacob Baines |
| High | Blue Angel Software Suite Command Execution | 04.05.2019 | Paolo Serracino |
| Low | Domoticz 4.10577 Unauthenticated Remote Command Execution | 01.05.2019 | Fabio Carretto |
| Med. | Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection | 28.04.2019 | Cisco Talos |
| High | ManageEngine Applications Manager 14.0 Authentication Bypass / Remote Command Execution (Metasploit) | 23.04.2019 | AkkuS |
| High | RemoteMouse 3.008 Arbitrary Remote Command Execution | 17.04.2019 | 0rphon |
| High | Cisco RV130W Routers Management Interface Remote Command Execution | 15.04.2019 | Quentin Kaiser |
| Med. | TeemIp IPAM Command Injection | 04.04.2019 | Ozkan Mustafa Akkus |
| High | PhreeBooks ERP 5.2.3 Remote Command Execution | 04.04.2019 | Metin Yunus Kandemir |
| High | Pydio 8 Command Execution / Cross Site Scripting | 29.03.2019 | Leandro Cuozzo |
| High | Webmin 1.900 Upload Authenticated Remote Command Execution | 16.03.2019 | Ozkan Mustafa Akkus |
| High | BMC Patrol Agent Privilege Escalation / Command Execution | 16.03.2019 | b0yd |
| High | Apache Tika Server Command Injection | 14.03.2019 | David Yesland |
| High | QNAP TS-431 QTS < 4.2.2 Remote Command Execution (Metasploit) | 10.03.2019 | AkkuS |
| High | Oracle Weblogic Server Deserialization Remote Command Execution | 09.03.2019 | Allyshka |
| High | Feng Office 3.7.0.5 Remote Command Execution (Metasploit) | 09.03.2019 | AkkuS |
| High | QNAP TS-431 QTS Remote Command Execution | 08.03.2019 | Ozkan Mustafa Akkus |
| High | Imperva SecureSphere 13.x PWS Command Injection | 07.03.2019 | rsp3ar |
| High | Booked Scheduler 2.7.5 Remote Command Execution | 05.03.2019 | Ozkan Mustafa Akkus |
| High | elFinder 2.1.47 Command Injection | 05.03.2019 | q3rv0 |
| High | Usermin 1.750 Remote Command Execution | 03.03.2019 | Ozkan Mustafa Akkus |
| High | Teracue ENC-400 Command Injection / Missing Authentication | 22.02.2019 | Stephen Shkardoon |
| High | Master IP CAM 01 3.3.4.2103 Remote Command Execution | 19.02.2019 | Raffaele Sabato |
| High | mIRC Remote Command Execution | 19.02.2019 | Baptiste Devigne |
| Med. | MISP 2.4.97 SQL Injection / Command Injection | 19.02.2019 | Tm9jdGlz |
| Med. | Jinja2 2.10 Command Injection | 17.02.2019 | Jameel Nabbo |
| High | Raisecom Technology GPON-ONU HT803G-07 Command Injection | 13.02.2019 | Kaustubh G. Padwad |
| Med. | SYSTORME ISG Command Injection | 13.02.2019 | Kaustubh G. Padwad |
| High | Jenkins 2.150.2 Remote Command Execution Via Node JS | 13.02.2019 | Ozkan Mustafa Akkus |
| Med. | Evince CBT File Command Injection | 07.02.2019 | FX |
| Med. | Dell EMC VNX2 Family OS Command Injection | 05.02.2019 | Dell |
| High | Splunk Enterprise 7.2.3 Command Execution | 25.01.2019 | Lee Mazzoleni |
| High | Cisco RV320 Command Injection | 24.01.2019 | CGI |
| High | Webmin 1.900 Remote Command Execution | 22.01.2019 | Ozkan Mustafa Akkus |
| Med. | GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal | 17.01.2019 | Pasquale Turi |
| High | Hashicorp Consul Remote Command Execution via Rexec (Metasploit) | 11.01.2019 | Quentin Kaiser |
| High | Hashicorp Consul Rexec Remote Command Execution | 29.12.2018 | Quentin Kaiser |
| High | Hashicorp Consul Services API Remote Command Execution | 29.12.2018 | Quentin Kaiser |
| High | Razer Cortex Debugger Remote Command Execution | 18.12.2018 | Tavis Ormandy |
| High | Huawei Router HG532e Command Execution | 16.12.2018 | Rebellion |
| High | Cisco RV110W Password Disclosure / Command Execution | 15.12.2018 | RySh |
| Med. | FutureNet NXR-G240 Series ShellShock Command Injection | 09.12.2018 | Nassim Asrir |
| High | Moxa NPort W2x50A 2.1 OS Command Injection | 03.12.2018 | Maxim Khazov |
| High | Apache Spark Unauthenticated Command Execution (Metasploit) | 02.12.2018 | Metasploit |
| High | Cisco WebEx Meetings Privilege Escalation | 29.11.2018 | Core Security Technolo... |
| High | TeamCity Agent XML-RPC Command Execution | 29.11.2018 | Dylan Pindur |
| High | Netgear Devices Unauthenticated Remote Command Execution (Metasploit) | 28.11.2018 | Metasploit |
| Med. | Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection | 24.10.2018 | Sergey Gordeychik |
| High | Teltonika RUT9XX Unauthenticated OS Command Injection | 15.10.2018 | David Gnedt |
| High | ISPConfig Remote Command Execution | 05.10.2018 | 0x09AL |
| High | Tenable WAS-Scanner 7.4.1708 Remote Command Execution | 07.09.2018 | Sameer Goyal |
| Med. | Ghostscript Failed Restore Command Execution | 07.09.2018 | Tavis Ormandy |
| Med. | WordPress Plugin Plainview Activity Monitor 20161228 Command Injection | 28.08.2018 | Lydéric Lefebvre |
| High | D-Link EyeOn Baby Monitor (DCS-825L) Command Injection | 24.08.2018 | Dove Chiu |
| High | PLANEX CS-QR20 Command Execution | 24.08.2018 | Kenney Lu |


CVEMAP Search Results

CVE
Details
Description
2019-10-11
High
CVE-2019-2184

Vendor: Google
Software: Android
 

 
In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-134578122

 
High
CVE-2019-2185

Vendor: Google
Software: Android
 

 
In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-136173699

 
High
CVE-2019-2186

Vendor: Google
Software: Android
 

 
In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-136175447

 
High
CVE-2019-17508

Vendor: Dlink
Software: Dir-850l a f...
 

 
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.

 
High
CVE-2019-17509

Vendor: Dlink
Software: Dir-846 firmware
 

 
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php.

 
High
CVE-2019-17510

Vendor: Dlink
Software: Dir-846 firmware
 

 
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to /squashfs-root/www/HNAP1/control/SetWizardConfig.php.

 
2019-10-10
High
CVE-2019-11527

Vendor: Softing
Software: Uagate si fi...
 

 
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.

 
2019-10-09
Medium
CVE-2019-13051

Vendor: Pi-hole
Software: Pi-hole
 

 
Pi-Hole 4.3 allows Command Injection.

 
Medium
CVE-2019-15715

Vendor: Mantisbt
Software: Mantisbt
 

 
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.

 
Medium
CVE-2019-5046

Vendor: Gonitro
Software: Nitropdf
 

 
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.

 

 


Copyright 2019, cxsecurity.com

 
