CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| High | Advanced Comment System 1.0 Remote Command Execution | 02.12.2021 | Nicole Daniella Murill... |
| High | GNU gdbserver 9.2 Remote Command Execution | 23.11.2021 | Roberto Gesteira Minar... |
| High | Apache Storm Nimbus 2.2.0 Command Execution | 22.11.2021 | Spencer McIntyre |
| High | YeaLink SIP-TXXXP 53.84.0.15 Command Injection | 12.11.2021 | tahaafarooq |
| High | GitLab Unauthenticated Remote ExifTool Command Injection | 05.11.2021 | William Bowling |
| Med. | Sophos UTM WebAdmin SID Command Injection | 29.10.2021 | wvu |
| Med. | Movable Type 7 r.5002 XMLRPC API OS Command Injection (Metasploit) | 29.10.2021 | Etienne |
| Med. | Hikvision Web Server Build 210702 Command Injection | 25.10.2021 | bashis |
| High | Moodle SpellChecker Path Authenticated Remote Command Execution | 12.10.2021 | h00die |
| High | CMSimple_XH 1.7.4 Remote Command Execution | 02.10.2021 | Halit Akaydin |
| Low | Apache James Server 2.3.2 Remote Command Execution | 28.09.2021 | shinris3n |
| High | Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution | 23.09.2021 | V1n1v131r4 |
| High | elFinder Archive Command Injection | 17.09.2021 | Shelby Pace |
| High | Geutebruck Remote Command Execution | 04.09.2021 | Titouan Lazard |
| Med. | Moxa Command Injection / Cross Site Scripting / Vulnerable Software | 01.09.2021 | T. Weber |
| High | Git LFS Clone Command Execution | 31.08.2021 | Shelby Pace |
| Low | Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials | 20.08.2021 | T. Weber |
| Med. | Online Notice Board System 1.0 - Remote Command Execution (RCE) throw upload file | 19.08.2021 | Mosaaed |
| High | Riak Insecure Default Configuration / Remote Command Execution | 06.08.2021 | Jeremy Brown |
| High | ApacheOfBiz 17.12.01 Remote Command Execution | 04.08.2021 | Álvaro Muñoz |
| High | Sage X3 Administration Service Authentication Bypass / Command Execution | 21.07.2021 | Aaron Herndon |
| Med. | Seagate BlackArmor NAS sg2000-2000.1331 Command Injection | 16.07.2021 | Metin Yunus Kandemir |
| Med. | Visual Tools DVR VX16 4.2.28.0 Command Injection | 09.07.2021 | Andrea D'Ubaldo |
| High | Netgear DGN2200v1 Remote Command Execution | 07.07.2021 | SivertPL |
| High | Docker Dashboard Remote Command Execution | 07.07.2021 | Jeremy Brown |
| High | Ricon Industrial Cellular Router S9922XL Remote Command Execution (RCE) | 05.07.2021 | LiquidWorm |
| Med. | Dlink DSL2750U Command Injection | 25.06.2021 | Mohammed Hadi |
| High | Adobe ColdFusion 8 Remote Command Execution | 25.06.2021 | Pergyz |
| Med. | TP-Link TL-WR841N Command Injection | 25.06.2021 | Koh You Liang |
| High | Seeddms 5.1.10 Remote Command Execution | 25.06.2021 | Bryan Leong |
| High | Cisco Modeling Labs 2.1.1-b19 Remote Command Execution | 24.06.2021 | Jeremy Brown |
| Low | SAP Wily Introscope Enterprise OS Command Injection | 19.06.2021 | Yvan Genuer |
| High | HashiCorp Nomad Remote Command Execution | 15.06.2021 | Wyatt Dahlenburg |
| High | Cisco HyperFlex HX Data Platform Command Execution | 06.06.2021 | wvu |
| High | Cacti 1.2.12 SQL Injection / Remote Command Execution | 02.06.2021 | h00die |
| Med. | Thecus N4800Eco Command Injection | 02.06.2021 | Metin Yunus Kandemir |
| Med. | Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication | 01.06.2021 | T. Weber |
| Med. | QNAP MusicStation / MalwareRemover File Upload / Command Injection | 28.05.2021 | polict |
| High | PHP 8.1.0-dev Backdoor Remote Command Injection | 26.05.2021 | Richard Jones |
| High | IGEL OS Secure VNC/Terminal Command Injection | 04.05.2021 | Rob Vinson |
| High | Apache Druid 0.20.0 Remote Command Execution | 27.04.2021 | Litch1 |
| High | OTRS 6.0.1 Remote Command Execution | 22.04.2021 | Hex_26 |
| High | MariaDB 10.2 /MySQL wsrep_provider OS Command Execution | 21.04.2021 | Central InfoSec |
| High | Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution | 21.04.2021 | h00die |
| High | GravCMS 1.10.7 Remote Command Execution | 21.04.2021 | Mehmet Ince |
| High | Genexis PLATINUM 4410 2.1 P4410-V2-1.28 Remote Command Execution | 15.04.2021 | Jay Sharma |
| High | vsftpd 2.3.4 Backdoor Command Execution | 12.04.2021 | HerculesRD |
| High | F5 iControl Server-Side Request Forgery / Remote Command Execution | 04.04.2021 | wvu |
| High | phpPgAdmin 7.13.0 COPY FROM PROGRAM Command Execution (Authenticated) | 01.04.2021 | Valerio Severini |
| High | SAP Solution Manager 7.2 Remote Command Execution | 27.03.2021 | Dmitry Chastuhin |
| High | MyBB 1.8.25 Remote Command Execution | 22.03.2021 | SivertPL |
| Med. | KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection | 19.03.2021 | LiquidWorm |
| Med. | VestaCP 0.9.8 Command Injection | 19.03.2021 | numan turle |
| Med. | D-Link DIR-3060 1.11b04 Command Injection | 13.03.2021 | T Shiomitsu |
| Low | Webkrea Cross Site Scripting (XSS) | 26.02.2021 | Tuan Tran |
| Low | Webkrea Cross Site Scripting (XSS) | 17.02.2021 | Calvin Bruce |
| Med. | LiteSpeed Web Server Enterprise 5.4.11 Command Injection | 06.02.2021 | SunCSR |
| Med. | Metasploit Framework 6.0.11 Command Injection | 30.01.2021 | Justin Steven |
| Med. | Klog Server 2.4.1 Unauthenticated Command Injection (Metasploit) | 27.01.2021 | Metin |
| Low | Openlitespeed Web Server 1.7.8 Command Injection (Authenticated) | 27.01.2021 | SunCSR |
| High | Cisco UCS Manager 2.2(1d) Remote Command Execution | 18.01.2021 | liquidsky |
| Med. | Pepperl+Fuchs IO-Link Master Series 1.36 CSRF / XSS / Command Injection | 14.01.2021 | T. Weber |
| High | Online Learning Management System 1.0 Remote Command Execution | 06.01.2021 | Bedri Sertkaya |
| Low | SpamTitan 7.07 Command Injection | 05.01.2021 | Christophe de la Fuent... |
| Med. | Klog Server 2.4.1 Command Injection | 05.01.2021 | B3KC4T |
| High | Webmin 1.962 Remote Command Execution | 23.12.2020 | AkkuS |
| High | SCO Openserver 5.0.7 Command Injection | 22.12.2020 | Ramikan |
| High | Rejetto HttpFileServer 2.3.x Remote Command Execution | 01.12.2020 | Oscar Andreu |
| High | ZeroShell 3.9.0 Remote Command Execution | 24.11.2020 | Juan Manuel Fernandez |
| High | Gemtek WVRTM-127ACN 01.01.02.141 Command Injection | 22.11.2020 | Gabriele Zuddas |
| High | Aerospike Database 5.1.0.3 Remote Command Execution | 18.11.2020 | Matt S |
| High | SaltStack Salt REST API Arbitrary Command Execution | 13.11.2020 | wvu |
| High | ASUS TM-AC1900 Arbitrary Command Execution | 13.11.2020 | b1ack0wl |
| High | Rapid7 Metasploit Framework msfvenom APK Template Command Injection | 10.11.2020 | Justin Steven |
| High | Nagios XI 5.7.3 mibs.php Remote Command Injection (Authenticated) | 04.11.2020 | Matthew Aberegg |
| High | Foxit Reader 9.7.1 Remote Command Execution | 02.11.2020 | Nassim Asrir |
| High | Nagios XI 5.7.3 Remote Command Injection | 29.10.2020 | Chris Lyne |
| Med. | RocketLinx Series Authentication Bypass / CSRF / Command Injection | 05.10.2020 | T. Weber |
| Med. | SevOne Network Management System 5.7.2.22 SQL Injection / Command Injection | 03.10.2020 | Calvin Phang |
| High | DOMOS 5.8 Command Injection | 30.09.2020 | Patrick Hener |
| High | Artica Proxy 4.30.000000 Authentication Bypass / Command Injection | 24.09.2020 | Redouane Niboucha |
| High | Mida Solutions eFramework ajaxreq.php Command Injection | 17.09.2020 | Brendan Coles |
| High | Yaws 2.0.7 XML Injection / Command Injection | 10.09.2020 | Alexey Pronin |
| High | Rebar3 3.13.2 Command Injection | 02.09.2020 | Alexey Pronin |
| High | Geutebruck testaction.cgi Remote Command Execution | 17.08.2020 | Davy Douhine |
| High | eGroupWare 1.14 spellchecker.php Remote Command Execution | 30.07.2020 | Berk KIRAS |
| Med. | Rittal Products Bypass / Command Injection / Privilege Escalation | 12.07.2020 | Johannes Kruchem |
| High | Pandora FMS 7.0 NG 7XX Remote Command Execution | 12.07.2020 | Fernando Catoira |
| High | Aruba ClearPass Policy Manager 6.7.0 Unauthenticated Remote Command Execution | 11.07.2020 | SpicyItalian |
| High | Aruba ClearPass Policy Manager 6.7.0 Unauthenticated Remote Command Execution | 11.07.2020 | SpicyItalian |
| High | ZenTao Pro 8.8.2 Command Injection | 03.07.2020 | Daniel Monzon |
| High | Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution | 17.06.2020 | Silas Cutler |
| High | Cayin Signage Media Player 3.0 Remote Command Injection (root) | 12.06.2020 | LiquidWorm |
| High | LinuxKI Toolset 6.01 Remote Command Execution | 10.06.2020 | numan turle |
| High | Pi-Hole 3.3 Command Execution | 27.05.2020 | h00die |
| High | Synology DiskStation Manager smart.cgi Remote Command Execution | 23.05.2020 | h00die |
| High | HP LinuxKI 6.01 Remote Command Injection | 19.05.2020 | Cody Winkler |
| High | ManageEngine AssetExplorer Authenticated Command Execution | 17.05.2020 | Sahil Dhar |
| High | Netlink XPON 1GE WiFi V2801RGW Remote Command Execution | 17.05.2020 | Seecko Das |
| Med. | Qik Chat 3.0 Command Injection | 09.05.2020 | Benjamin Kunz Mejri |


Common Weakness Enumeration (CWE)

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2021-12-02 | Medium | CVE-2020-36131 | Vendor: Aomedia; Software: Aomedia | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. |
| 2021-12-02 | Medium | CVE-2020-36129 | Vendor: Aomedia; Software: Aomedia | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. |
| 2021-12-01 | High | CVE-2021-20863 | | OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command with root privileges via unspecified vectors. |
| 2021-12-01 | High | CVE-2021-20859 | | ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allow a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors. |
| 2021-12-01 | Medium | CVE-2021-20854 | | ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allow a network-adjacent attacker with administrator privileges to execute arbitrary OS commands via unspecified vectors. |
| 2021-12-01 | Medium | CVE-2021-20853 | | ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allow a network-adjacent attacker with administrator privileges to execute arbitrary OS commands via unspecified vectors. |
| 2021-12-01 | High | CVE-2021-33274 | | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST request. |
| 2021-12-01 | High | CVE-2021-33271 | | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST request. |
| 2021-12-01 | High | CVE-2021-33270 | | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST request. |
| 2021-12-01 | High | CVE-2021-33269 | | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST request. |
 

 


Copyright 2021, cxsecurity.com

 
