Show CWE-78: Improper Neutralization of Special Elements used in an OS C...

	Topic	Date	Author
High	Ghostscript Command Execution / Format String	22.07.2024	Thomas Rinsma
High	Zyxel parse_config.py Command Injection	04.07.2024	jheysel-r7
High	Helmholz Industrial Router REX100 / MBConnectline mbNET.mini 2.2.11 Command Injection	04.07.2024	S. Dietz
High	Netis MW5360 Remote Command Execution	24.06.2024	h00die-gr3y
High	PopojiCMS 2.0.1 Remote Command Execution (RCE)	17.06.2024	Ahmet Ümit BAYRAM
Low	ORing IAP-420 2.01e Cross Site Scripting / Command Injection	02.06.2024	T. Weber
High	CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution	22.05.2024	h00die
Med.	Backdrop CMS 1.27.1 Remote Command Execution	20.05.2024	Ahmet Umit Bayram
High	PopojiCMS 2.0.1 Remote Command Execution	20.05.2024	Ahmet Umit Bayram
Med.	Zope 5.9 Command Injection	16.05.2024	Ilyase Dehy
High	htmlLawed 1.2.5 Remote Command Execution	05.05.2024	d4t4s3c
High	Kemp LoadMaster Unauthenticated Command Injection	01.05.2024	Dave Yesland
High	Palo Alto PAN-OS Command Execution / Arbitrary File Creation	25.04.2024	Kr0ff
High	WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated)	21.04.2024	tmrswrr
Med.	Ray OS 2.6.3 Command Injection	14.04.2024	Fire_Wolf
High	GUnet OpenEclass E-learning 3.15 File Upload / Command Execution	11.04.2024	Georgios Tsimpidas
High	Circontrol Raption Buffer Overflow / Command Injection	30.03.2024	Dariusz Gonda
High	WatchGuard XTM Firebox Unauthenticated Remote Command Execution	30.03.2024	Charles FOL
Med.	FoF Pretty Mail 1.1.2 Command Injection	30.03.2024	Chokri Hammedi
High	Sharepoint Dynamic Proxy Generator Remote Command Execution	27.03.2024	Jang
High	OpenNMS Horizon 31.0.7 Remote Command Execution	24.03.2024	Erik Wynter
High	SolarView Compact 6.00 Command Injection	20.03.2024	ByteHunter
High	Akaunting 3.1.3 Remote Command Execution	11.03.2024	u32i
High	elFinder Web file manager Version 2.1.53 Remote Command Execution	06.03.2024	tmrswrr
High	Easywall 0.3.1 Authenticated Remote Command Execution	03.03.2024	Melvin Mejia
High	Kafka UI 0.7.1 Command Injection	20.02.2024	h00die-gr3y
High	Typora 1.7.4 Command Injection	02.02.2024	Ahmet Umit Bayram
Med.	7 Sticky Notes 1.9 Command Injection	02.02.2024	Ahmet Umit Bayram
High	Mirth Connect 4.4.0 Remote Command Execution	01.02.2024	r00t
High	Cacti 1.2.24 Authenticated command injection when using SNMP options	29.01.2024	Antonio Francesco Sard...
Med.	Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection	26.01.2024	Valentin Lobstein
High	GL.iNet Unauthenticated Remote Command Execution	25.01.2024	h00die-gr3y
High	Vinchin Backup And Recovery Command Injection	24.12.2023	Valentin Lobstein
High	Atcom 2.7.x.x Command Injection	10.10.2023	Mohammed Adel
High	TOTOLINK Wireless Routers Remote Command Execution	24.09.2023	h00die-gr3y
High	Super Store Finder 3.7 Remote Command Execution	20.09.2023	Etharus
High	OpenTSDB 2.4.1 Unauthenticated Command Injection	10.09.2023	Erik Wynter
Med.	Wp2Fac 1.0 Command Injection	09.09.2023	Ahmet Umit Bayram
Med.	Chamilo 1.11.18 Command Injection	27.08.2023	RandoriSec
High	WordPress Plugin Forminator 1.24.6 Unauthenticated Remote Command Execution	24.08.2023	Mehmet Kelepçe
High	Greenshot 1.3.274 Deserialization / Command Execution	19.08.2023	bwatters-r7
High	Maltrail 0.53 Unauthenticated Command Injection	19.08.2023	Ege Balci
High	RaspAP 2.8.7 Unauthenticated Command Injection	16.08.2023	Ege Balci
High	Emagic Data Center Management Suite 6.0 Remote Command Execution	13.08.2023	thewhiteh4t
High	TP-Link Archer AX21 Command Injection	11.08.2023	Voyag3r
Low	Emagic Data Center Management Suite v6.0 OS Command Injection	08.08.2023	Shubham Pandey & thewh...
High	Eramba 3.19.1 Remote Command Execution	01.08.2023	Sergey Makarov
Med.	Western Digital MyCloud Unauthenticated Command Injection	30.07.2023	Remco Vermeulen
High	VMWare Aria Operations For Networks Remote Command Execution	26.07.2023	h00die
High	pfSense Restore RRD Data Command Injection	15.07.2023	Emir Polat
High	Spring Cloud 3.2.2 Remote Command Execution (RCE)	15.07.2023	GatoGamer1155, 0bfxgh0...
High	DaillyTools Remote Command Execution	11.07.2023	indoushka
Med.	OX App Suite SSRF / Resource Consumption / Command Injection	22.06.2023	Mehmet Ince
Med.	SystemK NVR 504/508/516 Command Injection	19.06.2023	Keniver Wang
High	Oracle Weblogic PreAuth Remote Command Execution	15.06.2023	Grant Willcox
Low	ManageEngine ADManager Plus Command Injection	06.06.2023	Grant Willcox
High	Seagate Central Storage 2015.0916 User Creation / Command Execution	27.05.2023	Ege Balci
High	Advantech EKI-15XX Series Command Injection / Buffer Overflow	13.05.2023	T. Weber
High	Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution	30.04.2023	Matteo Mandolini
Med.	Sophos Web Appliance 4.3.10.4 Pre-auth command injection	25.04.2023	Behnam Abasi Vanda
High	SPIP Remote Command Execution	18.04.2023	coiffeur
High	Altenergy Power Control Software C1.2.5 OS command injection	14.04.2023	Ahmed Alroky
Med.	Osprey Pump Controller 1.0.1 (eventFileSelected) Command Injection	10.04.2023	LiquidWorm
Med.	pdfkit v0.8.7.2 Command Injection	07.04.2023	UNICORD (NicPWNs & Dev...
High	WIMAX SWC-5100W Remote Command Execution	06.04.2023	Momen Eldawakhly
Med.	D-Link DIR-846 Remote Command Execution	05.04.2023	Francoa Taffarel
High	SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Remote Command Execution (RCE)	03.04.2023	LiquidWorm
High	XCMS v1.83 Remote Command Execution (RCE)	02.04.2023	Onurcan
Med.	Linksys AX3200 V1.1.00 Command Injection	22.03.2023	Ahmed Alroky
High	Bitbucket Environment Variable Remote Command Injection	19.03.2023	Shelby Pace
High	CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined	08.03.2023	Systems Research Group
Med.	Barracuda CloudGen WAN OS Command Injection	06.03.2023	Stefan Viehbock
High	Osprey Pump Controller 1.0.1 pseudonym Command Injection	01.03.2023	LiquidWorm
Med.	Osprey Pump Controller 1.0.1 userName Command Injection	01.03.2023	LiquidWorm
Med.	Froxlor 2.0.6 Remote Command Execution	24.02.2023	Askar
High	Control Web Panel Unauthenticated Remote Command Execution	02.02.2023	Spencer McIntyre
Med.	Hikvision Remote Code Execution / XSS / SQL Injection	02.02.2023	Thurein Soe
High	Cacti 1.2.22 Command Injection	24.01.2023	mr_me
High	Ivanti Cloud Services Appliance (CSA) Command Injection	18.01.2023	h00die-gr3y
Med.	Linear eMerge E3-Series Access Controller Command Injection	05.01.2023	h00die-gr3y
High	4images 1.9 Remote Command Execution	27.12.2022	Andrey Stoykov
Med.	OpenTSDB 2.4.0 Command Injection	24.12.2022	Shai rod
Low	Delta Electronics DVW-W02W2-E2 2.42 Command Injection	09.12.2022	T. Weber
Med.	Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS	09.12.2022	T. Weber
Med.	Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection	01.12.2022	T. Weber
High	F5 BIG-IP iControl Remote Command Execution	26.11.2022	Ron Bowes
High	FLIR AX8 1.46.16 Remote Command Injection meta	02.11.2022	Samy Younsi
High	GLPI 10.0.2 Command Injection	26.10.2022	bwatters-r7
High	MiniDVBLinux 5.4 Remote Root Command Injection	17.10.2022	LiquidWorm
High	Bitbucket Git Command Injection	25.09.2022	Ron Bowes
High	Apache Spark Unauthenticated Command Injection	08.09.2022	Kostya Kortchinsky
High	Cisco ASA-X With FirePOWER Services Authenticated Command Injection	06.09.2022	jbaines-r7
High	Teleport 9.3.6 Command Injection	23.08.2022	Brian Landrum
High	FLIX AX8 1.46.16 Remote Command Execution	20.08.2022	Samy Younsi
High	Advantech iView NetworkServlet Command Injection	20.08.2022	rgod
Med.	FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS	20.08.2022	Samy Younsi
Low	Webmin Package Updates Command Injection	14.08.2022	Christophe de la Fuent...
High	AirSpot 5410 0.3.4.1-4 Remote Command Injection	12.08.2022	Samy Younsi
High	MobileIron Log4Shell Remote Command Execution	03.08.2022	Spencer McIntyre
High	Roxy-WI Remote Command Execution	26.07.2022	Nuri Cilengir

CVEMAP Search Results

CVE

Details

Description

2024-07-26

CVE-2024-7120

Updating...

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.

2024-07-24

	CVE-2023-32466	Updating...	Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege.
	CVE-2024-7066	Updating...	A vulnerability was found in F-logic DataCube3 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/config_time_sync.php of the component HTTP POST Request Handler. The manipulation of the argument ntp_server leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272347.

2024-07-18

CVE-2024-34013

Updating...

Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396.

2024-07-11

CVE-2024-5679

Updating...

CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

2024-07-09

CVE-2024-28751	Updating...	An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
CVE-2024-28750	Updating...	A remote attacker with high privileges may use a deleting file function to inject OS commands.
CVE-2024-28749	Updating...	A remote attacker with high privileges may use a writing file function to inject OS commands.
CVE-2024-28748	Updating...	A remote attacker with high privileges may use a reading file function to inject OS commands.
CVE-2024-32056	Updating...	A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process.

22.07.2024

04.07.2024

04.07.2024

24.06.2024

17.06.2024

02.06.2024

22.05.2024

20.05.2024

20.05.2024

16.05.2024

05.05.2024

01.05.2024

25.04.2024

21.04.2024

14.04.2024

11.04.2024

30.03.2024

30.03.2024

30.03.2024

27.03.2024

24.03.2024

20.03.2024

11.03.2024

06.03.2024

03.03.2024

20.02.2024

02.02.2024

02.02.2024

01.02.2024

29.01.2024

26.01.2024

25.01.2024

24.12.2023

10.10.2023

24.09.2023

20.09.2023

10.09.2023

09.09.2023

27.08.2023

24.08.2023

19.08.2023

19.08.2023

16.08.2023

13.08.2023

11.08.2023

08.08.2023

01.08.2023

30.07.2023

26.07.2023

15.07.2023

15.07.2023

11.07.2023

22.06.2023

19.06.2023

15.06.2023

06.06.2023

27.05.2023

13.05.2023

30.04.2023

25.04.2023

18.04.2023

14.04.2023

10.04.2023

07.04.2023

06.04.2023

05.04.2023

03.04.2023

02.04.2023

22.03.2023

19.03.2023

08.03.2023

06.03.2023

01.03.2023

01.03.2023

24.02.2023