CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | FusionPBX 4.4.3 Remote Command Execution | 13.06.2019 | Dustin Cobb |
| Low | Moxa AWK-3121 1.14 Information Disclosure / Command Execution | 12.06.2019 | Samuel Huntley |
| High | Exim 4.9.1 Remote Command Execution | 07.06.2019 | Qualys |
| High | LibreNMS addhost Command Injection | 06.06.2019 | Shelby Pace |
| High | Firefly CMS 1.0 Remote Command Execution | 13.05.2019 | Felipe Andrian Peixoto |
| Med. | Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure | 11.05.2019 | TING Meng Yean |
| High | PostgreSQL 9.3 COPY FROM PROGRAM Command Execution (Metasploit) | 11.05.2019 | Jacob Wilki |
| High | PostgreSQL COPY FROM PROGRAM Command Execution | 08.05.2019 | Jacob Wilkin |
| Med. | D-Link DWL-2600AP Authenticated OS Command Injection | 07.05.2019 | Raki Ben Hamouda |
| Med. | Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection | 04.05.2019 | Jacob Baines |
| High | Blue Angel Software Suite Command Execution | 04.05.2019 | Paolo Serracino |
| Low | Domoticz 4.10577 Unauthenticated Remote Command Execution | 01.05.2019 | Fabio Carretto |
| Med. | Sierra Wireless AirLink ES450 ACEManager iplogging.cgi Command Injection | 28.04.2019 | Cisco Talos |
| High | ManageEngine Applications Manager 14.0 Authentication Bypass / Remote Command Execution (Metasploit) | 23.04.2019 | AkkuS |
| High | RemoteMouse 3.008 Arbitrary Remote Command Execution | 17.04.2019 | 0rphon |
| High | Cisco RV130W Routers Management Interface Remote Command Execution | 15.04.2019 | Quentin Kaiser |
| Med. | TeemIp IPAM Command Injection | 04.04.2019 | Ozkan Mustafa Akkus |
| High | PhreeBooks ERP 5.2.3 Remote Command Execution | 04.04.2019 | Metin Yunus Kandemir |
| High | Pydio 8 Command Execution / Cross Site Scripting | 29.03.2019 | Leandro Cuozzo |
| High | Webmin 1.900 Upload Authenticated Remote Command Execution | 16.03.2019 | Ozkan Mustafa Akkus |
| High | BMC Patrol Agent Privilege Escalation / Command Execution | 16.03.2019 | b0yd |
| High | Apache Tika Server Command Injection | 14.03.2019 | David Yesland |
| High | QNAP TS-431 QTS < 4.2.2 Remote Command Execution (Metasploit) | 10.03.2019 | AkkuS |
| High | Oracle Weblogic Server Deserialization Remote Command Execution | 09.03.2019 | Allyshka |
| High | Feng Office 3.7.0.5 Remote Command Execution (Metasploit) | 09.03.2019 | AkkuS |
| High | QNAP TS-431 QTS Remote Command Execution | 08.03.2019 | Ozkan Mustafa Akkus |
| High | Imperva SecureSphere 13.x PWS Command Injection | 07.03.2019 | rsp3ar |
| High | Booked Scheduler 2.7.5 Remote Command Execution | 05.03.2019 | Ozkan Mustafa Akkus |
| High | elFinder 2.1.47 Command Injection | 05.03.2019 | q3rv0 |
| High | Usermin 1.750 Remote Command Execution | 03.03.2019 | Ozkan Mustafa Akkus |
| High | Teracue ENC-400 Command Injection / Missing Authentication | 22.02.2019 | Stephen Shkardoon |
| High | Master IP CAM 01 3.3.4.2103 Remote Command Execution | 19.02.2019 | Raffaele Sabato |
| High | mIRC Remote Command Execution | 19.02.2019 | Baptiste Devigne |
| Med. | MISP 2.4.97 SQL Injection / Command Injection | 19.02.2019 | Tm9jdGlz |
| Med. | Jinja2 2.10 Command Injection | 17.02.2019 | Jameel Nabbo |
| High | Raisecom Technology GPON-ONU HT803G-07 Command Injection | 13.02.2019 | Kaustubh G. Padwad |
| Med. | SYSTORME ISG Command Injection | 13.02.2019 | Kaustubh G. Padwad |
| High | Jenkins 2.150.2 Remote Command Execution Via Node JS | 13.02.2019 | Ozkan Mustafa Akkus |
| Med. | Evince CBT File Command Injection | 07.02.2019 | FX |
| Med. | Dell EMC VNX2 Family OS Command Injection | 05.02.2019 | Dell |
| High | Splunk Enterprise 7.2.3 Command Execution | 25.01.2019 | Lee Mazzoleni |
| High | Cisco RV320 Command Injection | 24.01.2019 | CGI |
| High | Webmin 1.900 Remote Command Execution | 22.01.2019 | Ozkan Mustafa Akkus |
| Med. | GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal | 17.01.2019 | Pasquale Turi |
| High | Hashicorp Consul Remote Command Execution via Rexec (Metasploit) | 11.01.2019 | Quentin Kaiser |
| High | Hashicorp Consul Rexec Remote Command Execution | 29.12.2018 | Quentin Kaiser |
| High | Hashicorp Consul Services API Remote Command Execution | 29.12.2018 | Quentin Kaiser |
| High | Razer Cortex Debugger Remote Command Execution | 18.12.2018 | Tavis Ormandy |
| High | Huawei Router HG532e Command Execution | 16.12.2018 | Rebellion |
| High | Cisco RV110W Password Disclosure / Command Execution | 15.12.2018 | RySh |
| Med. | FutureNet NXR-G240 Series ShellShock Command Injection | 09.12.2018 | Nassim Asrir |
| High | Moxa NPort W2x50A 2.1 OS Command Injection | 03.12.2018 | Maxim Khazov |
| High | Apache Spark Unauthenticated Command Execution (Metasploit) | 02.12.2018 | Metasploit |
| High | Cisco WebEx Meetings Privilege Escalation | 29.11.2018 | Core Security Technolo... |
| High | TeamCity Agent XML-RPC Command Execution | 29.11.2018 | Dylan Pindur |
| High | Netgear Devices Unauthenticated Remote Command Execution (Metasploit) | 28.11.2018 | Metasploit |
| Med. | Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection | 24.10.2018 | Sergey Gordeychik |
| High | Teltonika RUT9XX Unauthenticated OS Command Injection | 15.10.2018 | David Gnedt |
| High | ISPConfig Remote Command Execution | 05.10.2018 | 0x09AL |
| High | Tenable WAS-Scanner 7.4.1708 Remote Command Execution | 07.09.2018 | Sameer Goyal |
| Med. | Ghostscript Failed Restore Command Execution | 07.09.2018 | Tavis Ormandy |
| Med. | WordPress Plugin Plainview Activity Monitor 20161228 Command Injection | 28.08.2018 | Lydéric Lefebvre |
| High | D-Link EyeOn Baby Monitor (DCS-825L) Command Injection | 24.08.2018 | Dove Chiu |
| High | PLANEX CS-QR20 Command Execution | 24.08.2018 | Kenney Lu |
| High | Mutiny Monitoring Appliance Command Injection | 24.08.2018 | Reginald Dodd |
| High | ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection | 16.08.2018 | Kyle Lovett |
| High | ASUS DSL-N12E_C1 1.1.2.3_345 Remote Command Execution | 03.08.2018 | Fakhri Zulkifli |
| High | CoSoSys Endpoint Protector 4.5.0.1 Remote Root Command Injection | 03.08.2018 | 0x09AL |
| High | Axis Network Camera Remote Command Execution | 27.07.2018 | sinn3r |
| High | SoftNAS Cloud OS Command Injection | 27.07.2018 | CORE |
| High | CMS Made Simple 2.2.5 Authenticated Remote Command Execution | 20.07.2018 | Jacob Robles |
| High | QNAP Q Center change_passwd Command Execution | 17.07.2018 | Ivan Huertas |
| High | Hadoop YARN ResourceManager Unauthenticated Command Execution (Metasploit) | 14.07.2018 | Green-m |
| Med. | QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection | 13.07.2018 | Core Security Technolo... |
| High | HID discoveryd command_blink_on Unauthenticated Remote Command Execution | 08.07.2018 | Brendan Coles |
| Med. | HP VAN SDN Controller Root Command Injection | 08.07.2018 | Matthew Bergin |
| Med. | Quest KACE Systems Management Command Injection | 02.07.2018 | Metasploit |
| High | VMware NSX SD-WAN Edge Command Injection | 02.07.2018 | Section 8 |
| High | Geutebruck simple_loglistjs.cgi Remote Command Execution | 02.07.2018 | Davy Douhine |
| High | TP-Link TL-WR841N V13 Command Injection | 29.06.2018 | Tim Coen |
| High | PRTG Command Injection | 28.06.2018 | Josh Berry |
| High | Quest KACE Systems Management Command Injection | 27.06.2018 | Brendan Coles |
| High | TP-Link TL-WA850RE Remote Command Execution | 22.06.2018 | yoresongo |
| High | Siaberry 1.2.2 Command Injection | 13.06.2018 | Space Duck |
| Med. | DHCP Client Command Injection (DynoRoot) | 13.06.2018 | Felix Wilhelm |
| High | Quest DR Series Disk Backup Software 4.0.3 Code Execution | 01.06.2018 | Core Security Technolo... |
| High | JDA Connect CSRF / Command Execution / Exposed JMX Service | 31.05.2018 | Xiaoran Wang |
| High | Bitmain Antminer D3/L3+/S9 Remote Command Execution | 28.05.2018 | CorryL |
| High | D-Link DSL-2750B OS Command Injection (Metasploit) | 26.05.2018 | Marcin Bury |
| High | D-Link DSL-2750B OS Command Injection | 25.05.2018 | Marcin Bury |
| High | DynoRoot DHCP Command Injection | 21.05.2018 | Kevin Kirsche |
| High | Inteno IOPSYS 2.0 4.2.0 p910nd Remote Command Execution | 17.05.2018 | neonsea |
| High | EMC RecoverPoint 4.3 Admin CLI Command Injection | 12.05.2018 | Paul Taylor |
| High | MSTAR Set-Top BOX Command Injection | 04.05.2018 | ivanm |
| High | xdebug Unauthenticated OS Command Execution | 02.05.2018 | Mumbai |
| High | Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 Deserialization Remote Command Execution | 29.04.2018 | Liao Xinxi |
| High | ASUS infosvr Authentication Bypass Command Execution | 22.04.2018 | jduck |
| Med. | Moxa AWK-3131A 1.4 < 1.7 Username OS Command Injection | 04.04.2018 | Talos |
| High | Homematic CCU2 2.29.23 Remote Command Execution | 31.03.2018 | Patrick Muench and Gre... |
| High | Eclipse Equinoxe OSGi Console Command Execution | 08.03.2018 | Quentin Kaiser |


CVEMAP Search Results

CVE
Details
Description
2019-06-19
Low
CVE-2019-2017

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-121035711

 
2019-06-18
High
CVE-2018-18852

Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.

 
2019-06-17
Medium
CVE-2018-19449

Vendor: Foxitsoftware
Software: Foxit pdf sd...
 

 
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution.

 
Medium
CVE-2018-19448

Vendor: Foxitsoftware
Software: Foxit pdf sd...
 

 
In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution.

 
2019-06-15
Medium
CVE-2019-12835

Vendor: Leanify project
Software: Leanify
 

 
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.

 
2019-06-14
Medium
CVE-2018-11934

Vendor: Qualcomm
Software: Mdm9150 firmware
 

 
Possible out of bounds write due to improper input validation while processing DO_ACS vendor command in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

 
Medium
CVE-2018-13898

Vendor: Qualcomm
Software: Mdm9150 firmware
 

 
Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130

 
2019-06-13
Medium
CVE-2019-11129

Vendor: Intel
Software: Compute card...
 

 
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

 
Medium
CVE-2019-11124

Vendor: Intel
Software: Compute card...
 

 
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.

 
2019-06-11
High
CVE-2018-20841

Vendor: Hootoo
Software: Tripmate tit...
 

 
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.

 

 


Copyright 2019, cxsecurity.com

 
