CWE:
 

Topic
Date
Author
High
Raisecom Technology GPON-ONU HT803G-07 Command Injection
13.02.2019
Kaustubh G. Padwad
Med.
SYSTORME ISG Command Injection
13.02.2019
Kaustubh G. Padwad
High
Jenkins 2.150.2 Remote Command Execution Via Node JS
13.02.2019
Ozkan Mustafa Akkus
Med.
Evince CBT File Command Injection
07.02.2019
FX
Med.
Dell EMC VNX2 Family OS Command Injection
05.02.2019
Dell
High
Splunk Enterprise 7.2.3 Command Execution
25.01.2019
Lee Mazzoleni
High
Cisco RV320 Command Injection
24.01.2019
CGI
High
Webmin 1.900 Remote Command Execution
22.01.2019
Ozkan Mustafa Akkus
Med.
GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal
17.01.2019
Pasquale Turi
High
Hashicorp Consul Remote Command Execution via Rexec (Metasploit)
11.01.2019
Quentin Kaiser
High
Hashicorp Consul Rexec Remote Command Execution
29.12.2018
Quentin Kaiser
High
Hashicorp Consul Services API Remote Command Execution
29.12.2018
Quentin Kaiser
High
Razer Cortex Debugger Remote Command Execution
18.12.2018
Tavis Ormandy
High
Huawei Router HG532e Command Execution
16.12.2018
Rebellion
High
Cisco RV110W Password Disclosure / Command Execution
15.12.2018
RySh
Med.
FutureNet NXR-G240 Series ShellShock Command Injection
09.12.2018
Nassim Asrir
High
Moxa NPort W2x50A 2.1 OS Command Injection
03.12.2018
Maxim Khazov
High
Apache Spark Unauthenticated Command Execution (Metasploit)
02.12.2018
Metasploit
High
Cisco WebEx Meetings Privilege Escalation
29.11.2018
Core Security Technolo...
High
TeamCity Agent XML-RPC Command Execution
29.11.2018
Dylan Pindur
High
Netgear Devices Unauthenticated Remote Command Execution (Metasploit)
28.11.2018
Metasploit
Med.
Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection
24.10.2018
Sergey Gordeychik
High
Teltonika RUT9XX Unauthenticated OS Command Injection
15.10.2018
David Gnedt
High
ISPConfig Remote Command Execution
05.10.2018
0x09AL
High
Tenable WAS-Scanner 7.4.1708 Remote Command Execution
07.09.2018
Sameer Goyal
Med.
Ghostscript Failed Restore Command Execution
07.09.2018
Tavis Ormandy
Med.
WordPress Plugin Plainview Activity Monitor 20161228 Command Injection
28.08.2018
Lydéric Lefebvre
High
D-Link EyeOn Baby Monitor (DCS-825L) Command Injection
24.08.2018
Dove Chiu
High
PLANEX CS-QR20 Command Execution
24.08.2018
Kenney Lu
High
Mutiny Monitoring Appliance Command Injection
24.08.2018
Reginald Dodd
High
ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection
16.08.2018
Kyle Lovett
High
ASUS DSL-N12E_C1 1.1.2.3_345 Remote Command Execution
03.08.2018
Fakhri Zulkifli
High
CoSoSys Endpoint Protector 4.5.0.1 Remote Root Command Injection
03.08.2018
0x09AL
High
Axis Network Camera Remote Command Execution
27.07.2018
sinn3r
High
SoftNAS Cloud OS Command Injection
27.07.2018
CORE
High
CMS Made Simple 2.2.5 Authenticated Remote Command Execution
20.07.2018
Jacob Robles
High
QNAP Q Center change_passwd Command Execution
17.07.2018
Ivan Huertas
High
Hadoop YARN ResourceManager Unauthenticated Command Execution (Metasploit)
14.07.2018
Green-m
Med.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
13.07.2018
Core Security Technolo...
High
HID discoveryd command_blink_on Unauthenticated Remote Command Execution
08.07.2018
Brendan Coles
Med.
HP VAN SDN Controller Root Command Injection
08.07.2018
Matthew Bergin
Med.
Quest KACE Systems Management Command Injection
02.07.2018
Metasploit
High
VMware NSX SD-WAN Edge Command Injection
02.07.2018
Section 8
High
Geutebruck simple_loglistjs.cgi Remote Command Execution
02.07.2018
Davy Douhine
High
TP-Link TL-WR841N V13 Command Injection
29.06.2018
Tim Coen
High
PRTG Command Injection
28.06.2018
Josh Berry
High
Quest KACE Systems Management Command Injection
27.06.2018
Brendan Coles
High
TP-Link TL-WA850RE Remote Command Execution
22.06.2018
yoresongo
High
Siaberry 1.2.2 Command Injection
13.06.2018
Space Duck
Med.
DHCP Client Command Injection (DynoRoot)
13.06.2018
Felix Wilhelm
High
Quest DR Series Disk Backup Software 4.0.3 Code Execution
01.06.2018
Core Security Technolo...
High
JDA Connect CSRF / Command Execution / Exposed JMX Service
31.05.2018
Xiaoran Wang
High
Bitmain Antminer D3/L3+/S9 Remote Command Execution
28.05.2018
CorryL
High
D-Link DSL-2750B OS Command Injection (Metasploit)
26.05.2018
Marcin Bury
High
D-Link DSL-2750B OS Command Injection
25.05.2018
Marcin Bury
High
DynoRoot DHCP Command Injection
21.05.2018
Kevin Kirsche
High
Inteno IOPSYS 2.0 4.2.0 p910nd Remote Command Execution
17.05.2018
neonsea
High
EMC RecoverPoint 4.3 Admin CLI Command Injection
12.05.2018
Paul Taylor
High
MSTAR Set-Top BOX Command Injection
04.05.2018
ivanm
High
xdebug Unauthenticated OS Command Execution
02.05.2018
Mumbai
High
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 Deserialization Remote Command Execution
29.04.2018
Liao Xinxi
High
ASUS infosvr Authentication Bypass Command Execution
22.04.2018
jduck
Med.
Moxa AWK-3131A 1.4 < 1.7 Username OS Command Injection
04.04.2018
Talos
High
Homematic CCU2 2.29.23 Remote Command Execution
31.03.2018
Patrick Muench and Gre...
High
Eclipse Equinoxe OSGi Console Command Execution
08.03.2018
Quentin Kaiser
High
ClipBucket < 4.0.0 Release 4902 Command Injection / File Upload / SQL Injection
06.03.2018
Ahmad Ramadhan Amizudi...
High
OTRS 5.0.2, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Command Injection
04.03.2018
Ali BawazeEer
High
McAfee Security Scan Plus Remote Command Execution
16.02.2018
SecuriTeam
High
NAT32 2.2 Build 22284 Remote Command Execution
14.02.2018
hyp3rlinx
High
NetEx HyperIP 6.1.0 Post-Auth Command Execution
11.02.2018
Matt Bergin
High
Geovision Inc. IP Camera / Video Server Remote Command Execution
08.02.2018
bashis
High
Geovision Inc. IP Camera Remote Command Execution / Stack Overflow
03.02.2018
bashis
High
BMC Server Automation RSCD Agent NSH Remote Command Execution
01.02.2018
Nicky Bloor
Med.
OTRS 5.0.x/6.0.x Remote Command Execution
22.01.2018
Bæln0rn
Med.
Belkin N600DB Command Injection / Backdoor
18.01.2018
Wadeek
Med.
pfSense 2.1.3 status_rrd_graph_img.php Command Injection
16.01.2018
absolomb
High
D-Link DNS-343 ShareCenter 1.05 Command Injection
15.01.2018
GulfTech
High
D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection
15.01.2018
Phosphorus Cybersecuri...
High
Flash Operator Panel 2.31.03 Command Execution
13.01.2018
Vulnerability Lab
High
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
10.01.2018
Brendan
High
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
10.01.2018
Brendan
High
Commvault Communications Service (cvd) Command Injection
09.01.2018
b0yd
High
Oracle WebLogic < 10.3.6 wls-wsat Component Deserialisation Remote Command Execution
08.01.2018
Kevin Kirsche
High
Linksys WVBR0-25 User-Agent Command Execution
04.01.2018
HeadlessZeke
High
Cambium ePMP1000 get_chart Shell via Command Injection (Metasploit)
01.01.2018
Karn Ganeshen
High
Cambium ePMP1000 ping Shell via Command Injection (Metasploit)
01.01.2018
Karn Ganeshen
High
Cambium ePMP1000 3.1-3.5-RC7 Command Injection
31.12.2017
Karn
Med.
Cambium ePMP1000 2.5 Command Injection
31.12.2017
Karn
High
Zoom Linux Client 2.0.106600.0904 Command Injection
18.12.2017
Gabriel Quadros, Ricar...
High
ITGuard-Manager 0.0.0.1 Remote Command Execution
15.12.2017
Nassim Asrir
High
Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password
13.12.2017
Silas
High
LaCie 5big Network 2.2.8 Command Injection
07.12.2017
Timo Sablowski
High
Polycom Shell HDX Series Traceroute Command Execution
06.12.2017
staaldraad
High
OpenEMR 5.0.0 Command Injection / Cross Site Scripting
04.12.2017
Jasveer
High
Synology StorageManager 5.2 Remote Root Command Execution
29.11.2017
SecuriTeam
High
pfSense 2.3.1_1 Remote Command Execution
29.11.2017
h00die, s4squatch
High
Mako Server 2.5 OS Command Injection Remote Command Execution
17.11.2017
Steven Patterson
High
D-Link DIR-850L Unauthenticated Command Execution
14.11.2017
Zdenda
High
Mako Server 2.5 Command Injection
09.11.2017
Steven Patterson
High
pfSense 2.3.1_1 Command Execution
07.11.2017
s4squatch


CVEMAP Search Results

CVE
Details
Description
2019-02-12
Medium
CVE-2018-20253

Vendor: Rarlab
Software: Winrar
 

 
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

 
2019-02-11
Medium
CVE-2018-9585

Vendor: Google
Software: Android
 

 
In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809.

 
Medium
CVE-2018-9584

Vendor: Google
Software: Android
 

 
In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681.

 
High
CVE-2018-9583

Vendor: Google
Software: Android
 

 
In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487.

 
2019-02-08
High
CVE-2019-7632

Vendor: Lifesize
Software: Networker 22...
 

 
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.

 
2019-02-07
Medium
CVE-2019-3704

Updating...
 

 
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability.

 
Low
CVE-2019-7559

Vendor: Btor2tools project
Software: Btor2tools
 

 
In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.

 
2019-02-06
Medium
CVE-2018-3973

Vendor: Canvasgfx
Software: Canvas draw
 

 
An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.

 
Medium
CVE-2018-3976

Vendor: Canvasgfx
Software: Canvas draw
 

 
An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.

 
Medium
CVE-2018-3980

Vendor: Canvasgfx
Software: Canvas draw
 

 
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top