Total
1755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-0714 | 1 Qnap | 2 Helpdesk, Qts | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | |||||
CVE-2018-14746 | 1 Qnap | 1 Qts | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | |||||
CVE-2017-6649 | 1 Cisco | 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555. | |||||
CVE-2017-12335 | 1 Cisco | 2 Nx-os, Unified Computing System | 2019-10-03 | 4.6 MEDIUM | 6.3 MEDIUM |
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095. | |||||
CVE-2017-14593 | 1 Atlassian | 1 Sourcetree | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability. | |||||
CVE-2018-15356 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0. | |||||
CVE-2018-0718 | 1 Qnap | 2 Music Station, Qts | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | |||||
CVE-2019-12104 | 1 Tp-link | 2 M7350, M7350 Firmware | 2019-08-19 | 9.0 HIGH | 8.8 HIGH |
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. | |||||
CVE-2017-18400 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). | |||||
CVE-2016-3081 | 2 Apache, Oracle | 2 Struts, Siebel E-billing | 2019-08-12 | 9.3 HIGH | 8.1 HIGH |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. | |||||
CVE-2016-10849 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | |||||
CVE-2016-10843 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). | |||||
CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | |||||
CVE-2019-7610 | 1 Elastic | 1 Kibana | 2019-07-30 | 9.3 HIGH | 9.0 CRITICAL |
Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | |||||
CVE-2015-1561 | 1 Centreon | 1 Centreon | 2019-07-30 | 6.5 MEDIUM | N/A |
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | |||||
CVE-2019-13024 | 1 Centreon | 1 Centreon | 2019-07-26 | 9.0 HIGH | 8.8 HIGH |
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute arbitrary system commands). | |||||
CVE-2019-7850 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2019-07-19 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | |||||
CVE-2016-10762 | 1 Automattic | 1 Camptix Event Ticketing | 2019-07-18 | 5.1 MEDIUM | 7.5 HIGH |
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | |||||
CVE-2019-6622 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-07-03 | 6.5 MEDIUM | 7.2 HIGH |
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. | |||||
CVE-2019-13148 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2019-07-02 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule. |