CWE:

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| High | Bitbucket Environment Variable Remote Command Injection | 19.03.2023 | Shelby Pace |
| High | CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions | 08.03.2023 | Systems Research Group |
| Med. | Barracuda CloudGen WAN OS Command Injection | 06.03.2023 | Stefan Viehbock |
| High | Osprey Pump Controller 1.0.1 pseudonym Command Injection | 01.03.2023 | LiquidWorm |
| Med. | Osprey Pump Controller 1.0.1 userName Command Injection | 01.03.2023 | LiquidWorm |
| Med. | Froxlor 2.0.6 Remote Command Execution | 24.02.2023 | Askar |
| High | Control Web Panel Unauthenticated Remote Command Execution | 02.02.2023 | Spencer McIntyre |
| Med. | Hikvision Remote Code Execution / XSS / SQL Injection | 02.02.2023 | Thurein Soe |
| High | Cacti 1.2.22 Command Injection | 24.01.2023 | mr_me |
| High | Ivanti Cloud Services Appliance (CSA) Command Injection | 18.01.2023 | h00die-gr3y |
| Med. | Linear eMerge E3-Series Access Controller Command Injection | 05.01.2023 | h00die-gr3y |
| High | 4images 1.9 Remote Command Execution | 27.12.2022 | Andrey Stoykov |
| Med. | OpenTSDB 2.4.0 Command Injection | 24.12.2022 | Shai rod |
| Low | Delta Electronics DVW-W02W2-E2 2.42 Command Injection | 09.12.2022 | T. Weber |
| Med. | Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS | 09.12.2022 | T. Weber |
| Med. | Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection | 01.12.2022 | T. Weber |
| High | F5 BIG-IP iControl Remote Command Execution | 26.11.2022 | Ron Bowes |
| High | FLIR AX8 1.46.16 Remote Command Injection meta | 02.11.2022 | Samy Younsi |
| High | GLPI 10.0.2 Command Injection | 26.10.2022 | bwatters-r7 |
| High | MiniDVBLinux 5.4 Remote Root Command Injection | 17.10.2022 | LiquidWorm |
| High | Bitbucket Git Command Injection | 25.09.2022 | Ron Bowes |
| High | Apache Spark Unauthenticated Command Injection | 08.09.2022 | Kostya Kortchinsky |
| High | Cisco ASA-X With FirePOWER Services Authenticated Command Injection | 06.09.2022 | jbaines-r7 |
| High | Teleport 9.3.6 Command Injection | 23.08.2022 | Brian Landrum |
| High | FLIR AX8 1.46.16 Remote Command Execution | 20.08.2022 | Samy Younsi |
| High | Advantech iView NetworkServlet Command Injection | 20.08.2022 | rgod |
| Med. | FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS | 20.08.2022 | Samy Younsi |
| Low | Webmin Package Updates Command Injection | 14.08.2022 | Christophe de la Fuent... |
| High | AirSpot 5410 0.3.4.1-4 Remote Command Injection | 12.08.2022 | Samy Younsi |
| High | MobileIron Log4Shell Remote Command Execution | 03.08.2022 | Spencer McIntyre |
| High | Roxy-WI Remote Command Execution | 26.07.2022 | Nuri Cilengir |
| High | Spryker Commerce OS Remote Command Execution | 20.07.2022 | David Brown |
| High | Sourcegraph gitserver sshCommand Remote Command Execution | 15.07.2022 | Spencer McIntyre |
| High | Zyxel Buffer Overflow / Format String / Command Injection | 20.06.2022 | Marco Ivaldi |
| High | Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass | 07.06.2022 | Johannes Kruchem |
| Med. | Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection | 06.06.2022 | Johannes Kruchem |
| Med. | Telesquare SDT-CW3B1 1.1.0 Command Injection | 04.06.2022 | Bryan Leong |
| High | Zyxel USG FLEX 5.21 Command Injection | 04.06.2022 | Valentin Lobstein |
| High | iTop Remote Command Execution | 24.05.2022 | Markus Krell |
| High | SDT-CW3B1 1.1.0 Command Injection | 17.05.2022 | Ahmed Alroky |
| High | VMware Workspace ONE Access Template Injection / Command Execution | 04.05.2022 | mr_me |
| High | Tenda HG6 3.3.0 Remote Command Injection | 03.05.2022 | LiquidWorm |
| Med. | Zyxel NWA-1100-NH Command Injection | 19.04.2022 | Ahmed Alroky |
| High | Razer Sila 2.0.418 Command Injection | 11.04.2022 | Kevin Randall |
| High | Tdarr 2.00.15 Command Injection | 11.03.2022 | Sam Smith |
| High | Hikvision IP Camera Unauthenticated Command Injection | 01.03.2022 | bashis |
| High | Grandstream GXV31XX settimezone Unauthenticated Command Execution | 09.02.2022 | Brendan Coles |
| High | QEMU Monitor HMP migrate Command Execution | 08.02.2022 | Brendan Coles |
| High | Korenix Technology JetWave CSRF / Command Injection / Missing Authentication | 07.02.2022 | T. Weber |
| High | Cisco Small Business RV Series Authentication Bypass / Command Injection | 02.02.2022 | jbaines-r7 |
| High | Grandstream GXV3175 Unauthenticated Command Execution | 20.01.2022 | Brendan Coles |
| High | SonicWall SMA 100 Series Authenticated Command Injection | 13.01.2022 | jbaines-r7 |
| High | meterN 1.2.3 Remote Command Execution | 16.12.2021 | LiquidWorm |
| High | GNU gdbserver 9.2 Remote Command Execution | 14.12.2021 | Roberto Gesteira Miña... |
| High | Booked Scheduler 2.7.5 Remote Command Execution (RCE) (Authenticated) | 14.12.2021 | 0sunday |
| High | Advanced Comment System 1.0 Remote Command Execution | 02.12.2021 | Nicole Daniella Murill... |
| High | GNU gdbserver 9.2 Remote Command Execution | 23.11.2021 | Roberto Gesteira Minar... |
| High | Apache Storm Nimbus 2.2.0 Command Execution | 22.11.2021 | Spencer McIntyre |
| High | Yealink SIP-TXXXP 53.84.0.15 Command Injection | 12.11.2021 | tahaafarooq |
| High | GitLab Unauthenticated Remote ExifTool Command Injection | 05.11.2021 | William Bowling |
| Med. | Sophos UTM WebAdmin SID Command Injection | 29.10.2021 | wvu |
| Med. | Movable Type 7 r.5002 XMLRPC API OS Command Injection (Metasploit) | 29.10.2021 | Etienne |
| Med. | Hikvision Web Server Build 210702 Command Injection | 25.10.2021 | bashis |
| High | Moodle SpellChecker Path Authenticated Remote Command Execution | 12.10.2021 | h00die |
| High | CMSimple_XH 1.7.4 Remote Command Execution | 02.10.2021 | Halit Akaydin |
| Low | Apache James Server 2.3.2 Remote Command Execution | 28.09.2021 | shinris3n |
| High | Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution | 23.09.2021 | V1n1v131r4 |
| High | elFinder Archive Command Injection | 17.09.2021 | Shelby Pace |
| High | Geutebruck Remote Command Execution | 04.09.2021 | Titouan Lazard |
| Med. | Moxa Command Injection / Cross Site Scripting / Vulnerable Software | 01.09.2021 | T. Weber |
| High | Git LFS Clone Command Execution | 31.08.2021 | Shelby Pace |
| Low | Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials | 20.08.2021 | T. Weber |
| Med. | Online Notice Board System 1.0 Remote Command Execution (RCE) through file upload | 19.08.2021 | Mosaaed |
| High | Riak Insecure Default Configuration / Remote Command Execution | 06.08.2021 | Jeremy Brown |
| High | Apache OFBiz 17.12.01 Remote Command Execution | 04.08.2021 | Álvaro Muñoz |
| High | Sage X3 Administration Service Authentication Bypass / Command Execution | 21.07.2021 | Aaron Herndon |
| Med. | Seagate BlackArmor NAS sg2000-2000.1331 Command Injection | 16.07.2021 | Metin Yunus Kandemir |
| Med. | Visual Tools DVR VX16 4.2.28.0 Command Injection | 09.07.2021 | Andrea D'Ubaldo |
| High | Netgear DGN2200v1 Remote Command Execution | 07.07.2021 | SivertPL |
| High | Docker Dashboard Remote Command Execution | 07.07.2021 | Jeremy Brown |
| High | Ricon Industrial Cellular Router S9922XL Remote Command Execution (RCE) | 05.07.2021 | LiquidWorm |
| Med. | D-Link DSL-2750U Command Injection | 25.06.2021 | Mohammed Hadi |
| High | Adobe ColdFusion 8 Remote Command Execution | 25.06.2021 | Pergyz |
| Med. | TP-Link TL-WR841N Command Injection | 25.06.2021 | Koh You Liang |
| High | SeedDMS 5.1.10 Remote Command Execution | 25.06.2021 | Bryan Leong |
| High | Cisco Modeling Labs 2.1.1-b19 Remote Command Execution | 24.06.2021 | Jeremy Brown |
| Low | SAP Wily Introscope Enterprise OS Command Injection | 19.06.2021 | Yvan Genuer |
| High | HashiCorp Nomad Remote Command Execution | 15.06.2021 | Wyatt Dahlenburg |
| High | Cisco HyperFlex HX Data Platform Command Execution | 06.06.2021 | wvu |
| High | Cacti 1.2.12 SQL Injection / Remote Command Execution | 02.06.2021 | h00die |
| Med. | Thecus N4800Eco Command Injection | 02.06.2021 | Metin Yunus Kandemir |
| Med. | Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication | 01.06.2021 | T. Weber |
| Med. | QNAP MusicStation / MalwareRemover File Upload / Command Injection | 28.05.2021 | polict |
| High | PHP 8.1.0-dev Backdoor Remote Command Injection | 26.05.2021 | Richard Jones |
| High | IGEL OS Secure VNC/Terminal Command Injection | 04.05.2021 | Rob Vinson |
| High | Apache Druid 0.20.0 Remote Command Execution | 27.04.2021 | Litch1 |
| High | OTRS 6.0.1 Remote Command Execution | 22.04.2021 | Hex_26 |
| High | MariaDB 10.2 / MySQL wsrep_provider OS Command Execution | 21.04.2021 | Central InfoSec |
| High | Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution | 21.04.2021 | h00die |
| High | GravCMS 1.10.7 Remote Command Execution | 21.04.2021 | Mehmet Ince |


CVEMAP Search Results

CVE-2022-43605 (2023-03-16)
An out-of-bounds write vulnerability exists in the SetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

CVE-2022-43604 (2023-03-16)
An out-of-bounds write vulnerability exists in the GetAttributeList attribute_count_request functionality of EIP Stack Group OpENer development commit 58ee13c. A specially crafted EtherNet/IP request can lead to an out-of-bounds write, potentially causing the server to crash or allow for remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.

CVE-2023-27400 (2023-03-14)
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20300)

CVE-2023-27399 (2023-03-14)
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20299, ZDI-CAN-20346)

CVE-2023-27398 (2023-03-14)
A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V2201.0006). The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20304)

CVE-2023-1350 (2023-03-11)
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.

CVE-2023-0623 (2023-03-09)
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.

CVE-2023-0622 (2023-03-09)
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.

CVE-2023-26490 (2023-03-04)
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature, which can be made available to standard users by assigning them the necessary permission, suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing them from creating or changing existing Syncjobs.
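The liferea entry (CVE-2023-1350, a feed source taken from a remote item link and run because it begins with `|`) and the mailcow entry above (CVE-2023-26490, a user password interpolated into the shell command line that calls openssl) describe the same root cause: attacker-controlled text reaching a shell parser. The Python below is an added example, not code from either project, from cxsecurity, or from the advisories' authors. It runs the harmless `echo` in place of openssl, and the feed-source resolver, its `from_local_config` flag and its `curl` fallback are this example's own assumptions, not liferea's actual patch.

```python
import shlex
import subprocess
from typing import List, Optional

# Constructed sample inputs: a benign password and one carrying a shell operator.
BENIGN_PASSWORD = "s3cret-Pa.ss"
HOSTILE_PASSWORD = "x; echo INJECTED"


def encode_password_vulnerable(password: str) -> str:
    """Interpolates an untrusted password into one string and hands it to a shell.

    This is the shape of the mailcow/imapsync bug: 'echo' stands in for the openssl
    invocation, and any shell operator in the password becomes part of the command
    line that /bin/sh parses.
    """
    cmd = f"echo pass:{password}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def encode_password_hardened(password: str) -> str:
    """Same call with an argv list: the password reaches the program as a single
    argument and no shell ever sees it."""
    return subprocess.run(
        ["echo", f"pass:{password}"], capture_output=True, text=True
    ).stdout


def shell_operators_in(value: str) -> List[str]:
    """Returns the shell operator tokens an unquoted interpolation of value would
    introduce; an empty list means a POSIX shell would treat the value as plain words.

    Usable as a last-resort reject check in code that cannot yet drop shell=True.
    """
    lexer = shlex.shlex(value, posix=True, punctuation_chars=True)
    operators = set("();<>|&$`")
    return [tok for tok in lexer if tok and set(tok) <= operators]


def resolve_feed_source(source: str, *, from_local_config: bool) -> Optional[List[str]]:
    """Returns the argv that would fetch a Liferea-style feed source, or None to refuse it.

    A source beginning with '|' means "run this command and read the feed from its
    stdout". CVE-2023-1350 is that path reached with a source taken from a remote
    item link. Two controls are applied here (this example's choices, not the
    project's patch): the '|' form is honoured only for sources the local user
    configured, and the command is split into argv so '>/tmp/x' is passed as an
    argument instead of being acted on as a redirection.
    """
    if source.startswith("|"):
        if not from_local_config:
            return None  # remote-supplied link: never a command
        return shlex.split(source[1:])
    # Hypothetical fetch helper for plain URLs; Liferea uses its own HTTP client.
    return ["curl", "-sS", "--", source]


if __name__ == "__main__":
    for pw in (BENIGN_PASSWORD, HOSTILE_PASSWORD):
        print(f"password {pw!r}: operators={shell_operators_in(pw)}")
        print("  shell=True :", encode_password_vulnerable(pw).splitlines())
        print("  argv list  :", encode_password_hardened(pw).splitlines())
    remote_link = "|date >/tmp/bad-item-link.txt"
    print("remote item link as source:", resolve_feed_source(remote_link, from_local_config=False))
    print("same string typed locally :", resolve_feed_source(remote_link, from_local_config=True))
```

With the hostile password the shell=True variant prints two lines, `pass:x` and `INJECTED`, while the argv variant prints the password verbatim on one line. The argv split in `resolve_feed_source` also means a locally configured `|` command loses shell features such as redirection; that is the intended trade, since a feature that needs them should spawn the shell explicitly with a fixed command and pass untrusted values only as arguments.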

 
CVE-2023-0847 (2023-03-01)
The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.

Copyright 2023, cxsecurity.com