CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | RemoteMouse 3.008 Arbitrary Remote Command Execution | 17.04.2019 | 0rphon |
| High | Cisco RV130W Routers Management Interface Remote Command Execution | 15.04.2019 | Quentin Kaiser |
| Med. | TeemIp IPAM Command Injection | 04.04.2019 | Ozkan Mustafa Akkus |
| High | PhreeBooks ERP 5.2.3 Remote Command Execution | 04.04.2019 | Metin Yunus Kandemir |
| High | Pydio 8 Command Execution / Cross Site Scripting | 29.03.2019 | Leandro Cuozzo |
| High | Webmin 1.900 Upload Authenticated Remote Command Execution | 16.03.2019 | Ozkan Mustafa Akkus |
| High | BMC Patrol Agent Privilege Escalation / Command Execution | 16.03.2019 | b0yd |
| High | Apache Tika Server Command Injection | 14.03.2019 | David Yesland |
| High | QNAP TS-431 QTS < 4.2.2 Remote Command Execution (Metasploit) | 10.03.2019 | AkkuS |
| High | Oracle Weblogic Server Deserialization Remote Command Execution | 09.03.2019 | Allyshka |
| High | Feng Office 3.7.0.5 Remote Command Execution (Metasploit) | 09.03.2019 | AkkuS |
| High | QNAP TS-431 QTS Remote Command Execution | 08.03.2019 | Ozkan Mustafa Akkus |
| High | Imperva SecureSphere 13.x PWS Command Injection | 07.03.2019 | rsp3ar |
| High | Booked Scheduler 2.7.5 Remote Command Execution | 05.03.2019 | Ozkan Mustafa Akkus |
| High | elFinder 2.1.47 Command Injection | 05.03.2019 | q3rv0 |
| High | Usermin 1.750 Remote Command Execution | 03.03.2019 | Ozkan Mustafa Akkus |
| High | Teracue ENC-400 Command Injection / Missing Authentication | 22.02.2019 | Stephen Shkardoon |
| High | Master IP CAM 01 3.3.4.2103 Remote Command Execution | 19.02.2019 | Raffaele Sabato |
| High | mIRC Remote Command Execution | 19.02.2019 | Baptiste Devigne |
| Med. | MISP 2.4.97 SQL Injection / Command Injection | 19.02.2019 | Tm9jdGlz |
| Med. | Jinja2 2.10 Command Injection | 17.02.2019 | Jameel Nabbo |
| High | Raisecom Technology GPON-ONU HT803G-07 Command Injection | 13.02.2019 | Kaustubh G. Padwad |
| Med. | SYSTORME ISG Command Injection | 13.02.2019 | Kaustubh G. Padwad |
| High | Jenkins 2.150.2 Remote Command Execution Via Node JS | 13.02.2019 | Ozkan Mustafa Akkus |
| Med. | Evince CBT File Command Injection | 07.02.2019 | FX |
| Med. | Dell EMC VNX2 Family OS Command Injection | 05.02.2019 | Dell |
| High | Splunk Enterprise 7.2.3 Command Execution | 25.01.2019 | Lee Mazzoleni |
| High | Cisco RV320 Command Injection | 24.01.2019 | CGI |
| High | Webmin 1.900 Remote Command Execution | 22.01.2019 | Ozkan Mustafa Akkus |
| Med. | GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal | 17.01.2019 | Pasquale Turi |
| High | Hashicorp Consul Remote Command Execution via Rexec (Metasploit) | 11.01.2019 | Quentin Kaiser |
| High | Hashicorp Consul Rexec Remote Command Execution | 29.12.2018 | Quentin Kaiser |
| High | Hashicorp Consul Services API Remote Command Execution | 29.12.2018 | Quentin Kaiser |
| High | Razer Cortex Debugger Remote Command Execution | 18.12.2018 | Tavis Ormandy |
| High | Huawei Router HG532e Command Execution | 16.12.2018 | Rebellion |
| High | Cisco RV110W Password Disclosure / Command Execution | 15.12.2018 | RySh |
| Med. | FutureNet NXR-G240 Series ShellShock Command Injection | 09.12.2018 | Nassim Asrir |
| High | Moxa NPort W2x50A 2.1 OS Command Injection | 03.12.2018 | Maxim Khazov |
| High | Apache Spark Unauthenticated Command Execution (Metasploit) | 02.12.2018 | Metasploit |
| High | Cisco WebEx Meetings Privilege Escalation | 29.11.2018 | Core Security Technolo... |
| High | TeamCity Agent XML-RPC Command Execution | 29.11.2018 | Dylan Pindur |
| High | Netgear Devices Unauthenticated Remote Command Execution (Metasploit) | 28.11.2018 | Metasploit |
| Med. | Citrix NetScaler SD-WAN SQL Injection / Traversal / Command Injection | 24.10.2018 | Sergey Gordeychik |
| High | Teltonika RUT9XX Unauthenticated OS Command Injection | 15.10.2018 | David Gnedt |
| High | ISPConfig Remote Command Execution | 05.10.2018 | 0x09AL |
| High | Tenable WAS-Scanner 7.4.1708 Remote Command Execution | 07.09.2018 | Sameer Goyal |
| Med. | Ghostscript Failed Restore Command Execution | 07.09.2018 | Tavis Ormandy |
| Med. | WordPress Plugin Plainview Activity Monitor 20161228 Command Injection | 28.08.2018 | Lydéric Lefebvre |
| High | D-Link EyeOn Baby Monitor (DCS-825L) Command Injection | 24.08.2018 | Dove Chiu |
| High | PLANEX CS-QR20 Command Execution | 24.08.2018 | Kenney Lu |
| High | Mutiny Monitoring Appliance Command Injection | 24.08.2018 | Reginald Dodd |
| High | ASUSTOR ADM 3.1.0.RFQ3 Remote Command Execution / SQL Injection | 16.08.2018 | Kyle Lovett |
| High | ASUS DSL-N12E_C1 1.1.2.3_345 Remote Command Execution | 03.08.2018 | Fakhri Zulkifli |
| High | CoSoSys Endpoint Protector 4.5.0.1 Remote Root Command Injection | 03.08.2018 | 0x09AL |
| High | Axis Network Camera Remote Command Execution | 27.07.2018 | sinn3r |
| High | SoftNAS Cloud OS Command Injection | 27.07.2018 | CORE |
| High | CMS Made Simple 2.2.5 Authenticated Remote Command Execution | 20.07.2018 | Jacob Robles |
| High | QNAP Q Center change_passwd Command Execution | 17.07.2018 | Ivan Huertas |
| High | Hadoop YARN ResourceManager Unauthenticated Command Execution (Metasploit) | 14.07.2018 | Green-m |
| Med. | QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection | 13.07.2018 | Core Security Technolo... |
| High | HID discoveryd command_blink_on Unauthenticated Remote Command Execution | 08.07.2018 | Brendan Coles |
| Med. | HP VAN SDN Controller Root Command Injection | 08.07.2018 | Matthew Bergin |
| Med. | Quest KACE Systems Management Command Injection | 02.07.2018 | Metasploit |
| High | VMware NSX SD-WAN Edge Command Injection | 02.07.2018 | Section 8 |
| High | Geutebruck simple_loglistjs.cgi Remote Command Execution | 02.07.2018 | Davy Douhine |
| High | TP-Link TL-WR841N V13 Command Injection | 29.06.2018 | Tim Coen |
| High | PRTG Command Injection | 28.06.2018 | Josh Berry |
| High | Quest KACE Systems Management Command Injection | 27.06.2018 | Brendan Coles |
| High | TP-Link TL-WA850RE Remote Command Execution | 22.06.2018 | yoresongo |
| High | Siaberry 1.2.2 Command Injection | 13.06.2018 | Space Duck |
| Med. | DHCP Client Command Injection (DynoRoot) | 13.06.2018 | Felix Wilhelm |
| High | Quest DR Series Disk Backup Software 4.0.3 Code Execution | 01.06.2018 | Core Security Technolo... |
| High | JDA Connect CSRF / Command Execution / Exposed JMX Service | 31.05.2018 | Xiaoran Wang |
| High | Bitmain Antminer D3/L3+/S9 Remote Command Execution | 28.05.2018 | CorryL |
| High | D-Link DSL-2750B OS Command Injection (Metasploit) | 26.05.2018 | Marcin Bury |
| High | D-Link DSL-2750B OS Command Injection | 25.05.2018 | Marcin Bury |
| High | DynoRoot DHCP Command Injection | 21.05.2018 | Kevin Kirsche |
| High | Inteno IOPSYS 2.0 4.2.0 p910nd Remote Command Execution | 17.05.2018 | neonsea |
| High | EMC RecoverPoint 4.3 Admin CLI Command Injection | 12.05.2018 | Paul Taylor |
| High | MSTAR Set-Top BOX Command Injection | 04.05.2018 | ivanm |
| High | xdebug Unauthenticated OS Command Execution | 02.05.2018 | Mumbai |
| High | Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 Deserialization Remote Command Execution | 29.04.2018 | Liao Xinxi |
| High | ASUS infosvr Authentication Bypass Command Execution | 22.04.2018 | jduck |
| Med. | Moxa AWK-3131A 1.4 < 1.7 Username OS Command Injection | 04.04.2018 | Talos |
| High | Homematic CCU2 2.29.23 Remote Command Execution | 31.03.2018 | Patrick Muench and Gre... |
| High | Eclipse Equinoxe OSGi Console Command Execution | 08.03.2018 | Quentin Kaiser |
| High | ClipBucket < 4.0.0 Release 4902 Command Injection / File Upload / SQL Injection | 06.03.2018 | Ahmad Ramadhan Amizudi... |
| High | OTRS 5.0.2, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Command Injection | 04.03.2018 | Ali BawazeEer |
| High | McAfee Security Scan Plus Remote Command Execution | 16.02.2018 | SecuriTeam |
| High | NAT32 2.2 Build 22284 Remote Command Execution | 14.02.2018 | hyp3rlinx |
| High | NetEx HyperIP 6.1.0 Post-Auth Command Execution | 11.02.2018 | Matt Bergin |
| High | Geovision Inc. IP Camera / Video Server Remote Command Execution | 08.02.2018 | bashis |
| High | Geovision Inc. IP Camera Remote Command Execution / Stack Overflow | 03.02.2018 | bashis |
| High | BMC Server Automation RSCD Agent NSH Remote Command Execution | 01.02.2018 | Nicky Bloor |
| Med. | OTRS 5.0.x/6.0.x Remote Command Execution | 22.01.2018 | Bæln0rn |
| Med. | Belkin N600DB Command Injection / Backdoor | 18.01.2018 | Wadeek |
| Med. | pfSense 2.1.3 status_rrd_graph_img.php Command Injection | 16.01.2018 | absolomb |
| High | D-Link DNS-343 ShareCenter 1.05 Command Injection | 15.01.2018 | GulfTech |
| High | D-Link DNS-325 ShareCenter 1.05B03 Shell Upload / Command Injection | 15.01.2018 | Phosphorus Cybersecuri... |
| High | Flash Operator Panel 2.31.03 Command Execution | 13.01.2018 | Vulnerability Lab |


CVEMAP Search Results

CVE
Details
Description
2019-04-12
High
CVE-2019-10880

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary.

 
2019-04-08
High
CVE-2019-11001

Vendor: Reolink
Software: C1 pro firmware
 

 
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.

 
Medium
CVE-2014-5435

An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.

 
2019-04-05
Medium
CVE-2019-10878

Vendor: Teeworlds
Software: Teeworlds
 

 
In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.

 
2019-04-02
High
CVE-2019-5524

VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host.

 
High
CVE-2019-5515

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.

 
2019-04-01
High
CVE-2019-9193

Vendor: Postgresql
Software: Postgresql
 

 
** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for "COPY TO/FROM PROGRAM" is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the "COPY FROM PROGRAM". Furthermore, members in 'pg_read_server_files' can run commands only if either the 'pg_execute_server_program' role or superuser are granted.

 
High
CVE-2018-13284

Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

 
High
CVE-2018-13285

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

 
High
CVE-2018-5757

Vendor: Audiocodes
Software: 420hd ip pho...
 

 
An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.

 

 


Copyright 2019, cxsecurity.com

 
