CWE:
 

Title
Date
Author
Med.
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection
23.10.2024
LiquidWorm
High
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection
23.10.2024
LiquidWorm
Med.
reNgine 2.2.0 Command Injection (Authenticated)
02.10.2024
Caner Tercan
High
Apache Karaf Default Credentials Command Execution
02.09.2024
Nicholas Starke
High
Backdrop CMS 1.27.1 Authenticated Remote Command Execution (RCE)
27.08.2024
Ahmet Ümit BAYRAM
High
Aruba 501 CN12G5W0XX Remote Command Execution
26.08.2024
Hosein Vita
Med.
Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication
06.08.2024
S. Dietz
High
Ghostscript Command Execution / Format String
22.07.2024
Thomas Rinsma
High
Zyxel parse_config.py Command Injection
04.07.2024
jheysel-r7
High
Helmholz Industrial Router REX100 / MBConnectline mbNET.mini 2.2.11 Command Injection
04.07.2024
S. Dietz
High
Netis MW5360 Remote Command Execution
24.06.2024
h00die-gr3y
High
PopojiCMS 2.0.1 Remote Command Execution (RCE)
17.06.2024
Ahmet Ümit BAYRAM
Low
ORing IAP-420 2.01e Cross Site Scripting / Command Injection
02.06.2024
T. Weber
High
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
22.05.2024
h00die
Med.
Backdrop CMS 1.27.1 Remote Command Execution
20.05.2024
Ahmet Umit Bayram
High
PopojiCMS 2.0.1 Remote Command Execution
20.05.2024
Ahmet Umit Bayram
Med.
Zope 5.9 Command Injection
16.05.2024
Ilyase Dehy
High
htmlLawed 1.2.5 Remote Command Execution
05.05.2024
d4t4s3c
High
Kemp LoadMaster Unauthenticated Command Injection
01.05.2024
Dave Yesland
High
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
25.04.2024
Kr0ff
High
WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated)
21.04.2024
tmrswrr
Med.
Ray OS 2.6.3 Command Injection
14.04.2024
Fire_Wolf
High
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
11.04.2024
Georgios Tsimpidas
High
Circontrol Raption Buffer Overflow / Command Injection
30.03.2024
Dariusz Gonda
High
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
30.03.2024
Charles FOL
Med.
FoF Pretty Mail 1.1.2 Command Injection
30.03.2024
Chokri Hammedi
High
Sharepoint Dynamic Proxy Generator Remote Command Execution
27.03.2024
Jang
High
OpenNMS Horizon 31.0.7 Remote Command Execution
24.03.2024
Erik Wynter
High
SolarView Compact 6.00 Command Injection
20.03.2024
ByteHunter
High
Akaunting 3.1.3 Remote Command Execution
11.03.2024
u32i
High
elFinder Web file manager Version 2.1.53 Remote Command Execution
06.03.2024
tmrswrr
High
Easywall 0.3.1 Authenticated Remote Command Execution
03.03.2024
Melvin Mejia
High
Kafka UI 0.7.1 Command Injection
20.02.2024
h00die-gr3y
High
Typora 1.7.4 Command Injection
02.02.2024
Ahmet Umit Bayram
Med.
7 Sticky Notes 1.9 Command Injection
02.02.2024
Ahmet Umit Bayram
High
Mirth Connect 4.4.0 Remote Command Execution
01.02.2024
r00t
High
Cacti 1.2.24 Authenticated command injection when using SNMP options
29.01.2024
Antonio Francesco Sard...
Med.
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
26.01.2024
Valentin Lobstein
High
GL.iNet Unauthenticated Remote Command Execution
25.01.2024
h00die-gr3y
High
Vinchin Backup And Recovery Command Injection
24.12.2023
Valentin Lobstein
High
Atcom 2.7.x.x Command Injection
10.10.2023
Mohammed Adel
High
TOTOLINK Wireless Routers Remote Command Execution
24.09.2023
h00die-gr3y
High
Super Store Finder 3.7 Remote Command Execution
20.09.2023
Etharus
High
OpenTSDB 2.4.1 Unauthenticated Command Injection
10.09.2023
Erik Wynter
Med.
Wp2Fac 1.0 Command Injection
09.09.2023
Ahmet Umit Bayram
Med.
Chamilo 1.11.18 Command Injection
27.08.2023
RandoriSec
High
WordPress Plugin Forminator 1.24.6 Unauthenticated Remote Command Execution
24.08.2023
Mehmet Kelepçe
High
Greenshot 1.3.274 Deserialization / Command Execution
19.08.2023
bwatters-r7
High
Maltrail 0.53 Unauthenticated Command Injection
19.08.2023
Ege Balci
High
RaspAP 2.8.7 Unauthenticated Command Injection
16.08.2023
Ege Balci
High
Emagic Data Center Management Suite 6.0 Remote Command Execution
13.08.2023
thewhiteh4t
High
TP-Link Archer AX21 Command Injection
11.08.2023
Voyag3r
Low
Emagic Data Center Management Suite v6.0 OS Command Injection
08.08.2023
Shubham Pandey & thewh...
High
Eramba 3.19.1 Remote Command Execution
01.08.2023
Sergey Makarov
Med.
Western Digital MyCloud Unauthenticated Command Injection
30.07.2023
Remco Vermeulen
High
VMWare Aria Operations For Networks Remote Command Execution
26.07.2023
h00die
High
pfSense Restore RRD Data Command Injection
15.07.2023
Emir Polat
High
Spring Cloud 3.2.2 Remote Command Execution (RCE)
15.07.2023
GatoGamer1155, 0bfxgh0...
High
DaillyTools Remote Command Execution
11.07.2023
indoushka
Med.
OX App Suite SSRF / Resource Consumption / Command Injection
22.06.2023
Mehmet Ince
Med.
SystemK NVR 504/508/516 Command Injection
19.06.2023
Keniver Wang
High
Oracle Weblogic PreAuth Remote Command Execution
15.06.2023
Grant Willcox
Low
ManageEngine ADManager Plus Command Injection
06.06.2023
Grant Willcox
High
Seagate Central Storage 2015.0916 User Creation / Command Execution
27.05.2023
Ege Balci
High
Advantech EKI-15XX Series Command Injection / Buffer Overflow
13.05.2023
T. Weber
High
Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution
30.04.2023
Matteo Mandolini
Med.
Sophos Web Appliance 4.3.10.4 Pre-auth command injection
25.04.2023
Behnam Abasi Vanda
High
SPIP Remote Command Execution
18.04.2023
coiffeur
High
Altenergy Power Control Software C1.2.5 OS command injection
14.04.2023
Ahmed Alroky
Med.
Osprey Pump Controller 1.0.1 (eventFileSelected) Command Injection
10.04.2023
LiquidWorm
Med.
pdfkit v0.8.7.2 Command Injection
07.04.2023
UNICORD (NicPWNs & Dev...
High
WIMAX SWC-5100W Remote Command Execution
06.04.2023
Momen Eldawakhly
Med.
D-Link DIR-846 Remote Command Execution
05.04.2023
Francoa Taffarel
High
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Remote Command Execution (RCE)
03.04.2023
LiquidWorm
High
XCMS v1.83 Remote Command Execution (RCE)
02.04.2023
Onurcan
Med.
Linksys AX3200 V1.1.00 Command Injection
22.03.2023
Ahmed Alroky
High
Bitbucket Environment Variable Remote Command Injection
19.03.2023
Shelby Pace
High
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
08.03.2023
Systems Research Group
Med.
Barracuda CloudGen WAN OS Command Injection
06.03.2023
Stefan Viehbock
High
Osprey Pump Controller 1.0.1 pseudonym Command Injection
01.03.2023
LiquidWorm
Med.
Osprey Pump Controller 1.0.1 userName Command Injection
01.03.2023
LiquidWorm
Med.
Froxlor 2.0.6 Remote Command Execution
24.02.2023
Askar
High
Control Web Panel Unauthenticated Remote Command Execution
02.02.2023
Spencer McIntyre
Med.
Hikvision Remote Code Execution / XSS / SQL Injection
02.02.2023
Thurein Soe
High
Cacti 1.2.22 Command Injection
24.01.2023
mr_me
High
Ivanti Cloud Services Appliance (CSA) Command Injection
18.01.2023
h00die-gr3y
Med.
Linear eMerge E3-Series Access Controller Command Injection
05.01.2023
h00die-gr3y
High
4images 1.9 Remote Command Execution
27.12.2022
Andrey Stoykov
Med.
OpenTSDB 2.4.0 Command Injection
24.12.2022
Shai rod
Low
Delta Electronics DVW-W02W2-E2 2.42 Command Injection
09.12.2022
T. Weber
Med.
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
09.12.2022
T. Weber
Med.
Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection
01.12.2022
T. Weber
High
F5 BIG-IP iControl Remote Command Execution
26.11.2022
Ron Bowes
High
FLIR AX8 1.46.16 Remote Command Injection meta
02.11.2022
Samy Younsi
High
GLPI 10.0.2 Command Injection
26.10.2022
bwatters-r7
High
MiniDVBLinux 5.4 Remote Root Command Injection
17.10.2022
LiquidWorm
High
Bitbucket Git Command Injection
25.09.2022
Ron Bowes
High
Apache Spark Unauthenticated Command Injection
08.09.2022
Kostya Kortchinsky
High
Cisco ASA-X With FirePOWER Services Authenticated Command Injection
06.09.2022
jbaines-r7
High
Teleport 9.3.6 Command Injection
23.08.2022
Brian Landrum


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-10-21
Waiting for details
CVE-2024-10202

Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands.

 
2024-10-18
Waiting for details
CVE-2024-10118

SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

 
Waiting for details
CVE-2024-10119

The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.

 
2024-10-17
Waiting for details
CVE-2005-10003

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da98bf. It is recommended to upgrade the affected component.

 
2024-10-16
Waiting for details
CVE-2024-22033

The OBS service obs-service-download_url was vulnerable to command injection. An attacker could provide a configuration to the service that allowed commands to be executed in later steps.

 
2024-10-15
Waiting for details
CVE-2024-9820

The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.

 
Waiting for details
CVE-2024-9977

A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.

 
2024-10-13
Waiting for details
CVE-2024-9916

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

 
2024-10-10
Waiting for details
CVE-2024-47963

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

 
2024-10-09
Waiting for details
CVE-2024-45150

Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

 

 


Copyright 2024, cxsecurity.com

 
