Total: 3673 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26704 | 1 Eprints | 1 Eprints | 2021-03-04 | 6.5 MEDIUM | 8.8 HIGH |
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. | |||||
CVE-2021-3342 | 1 Eprints | 1 Eprints | 2021-03-04 | 6.8 MEDIUM | 9.8 CRITICAL |
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. | |||||
CVE-2021-20658 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2021-03-01 | 10.0 HIGH | 9.8 CRITICAL |
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors. | |||||
CVE-2021-26747 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2780 and 1 more | 2021-02-24 | 10.0 HIGH | 9.8 CRITICAL |
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | |||||
CVE-2019-25024 | 1 Alleghenycreative | 1 Openrepeater | 2021-02-24 | 10.0 HIGH | 9.8 CRITICAL |
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | |||||
CVE-2019-14923 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. | |||||
CVE-2020-27887 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php. | |||||
CVE-2017-14118 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | |||||
CVE-2017-14119 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | |||||
CVE-2017-14405 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 6.5 MEDIUM | 7.2 HIGH |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | |||||
CVE-2021-20655 | 1 Soliton | 1 Filezen | 2021-02-22 | 9.0 HIGH | 7.2 HIGH |
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2021-27102 | 1 Accellion | 1 Fta | 2021-02-19 | 7.2 HIGH | 7.8 HIGH |
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | |||||
CVE-2020-35729 | 1 Klogserver | 1 Klog Server | 2021-02-18 | 10.0 HIGH | 9.8 CRITICAL |
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. | |||||
CVE-2021-27104 | 1 Accellion | 1 Fta | 2021-02-17 | 10.0 HIGH | 9.8 CRITICAL |
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. | |||||
CVE-2021-20648 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2021-02-15 | 7.7 HIGH | 6.8 MEDIUM |
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2021-26752 | 1 Nedi | 1 Nedi | 2021-02-14 | 6.5 MEDIUM | 8.8 HIGH |
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data. | |||||
CVE-2020-26193 | 1 Dell | 1 Emc Powerscale Onefs | 2021-02-12 | 7.2 HIGH | 7.8 HIGH |
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. | |||||
CVE-2021-3122 | 1 Ncr | 1 Command Center Agent | 2021-02-09 | 10.0 HIGH | 9.8 CRITICAL |
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration." | |||||
CVE-2021-1370 | 1 Cisco | 7 8201, 8202, 8808 and 4 more | 2021-02-08 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root. | |||||
CVE-2020-7775 | 1 Freediskspace Project | 1 Freediskproject | 2021-02-08 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. |