Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12312 | 1 Asustor | 2 As602t, Data Master | 2018-12-20 | 9.0 HIGH | 8.8 HIGH |
| OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter. | |||||
| CVE-2018-0694 | 1 Soliton | 1 Filezen | 2018-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-6396 | 1 Cisco | 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more | 2018-12-15 | 7.2 HIGH | 7.8 HIGH |
| The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. | |||||
| CVE-2018-19081 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2018-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field. | |||||
| CVE-2018-10587 | 1 Netgain-systems | 1 Enterprise Manager | 2018-12-12 | 9.0 HIGH | 7.2 HIGH |
| NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution. | |||||
| CVE-2018-19070 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2018-12-11 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. | |||||
| CVE-2018-19073 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2018-12-11 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. | |||||
| CVE-2018-17532 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2018-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. | |||||
| CVE-2018-0643 | 2 Canonical, Orcamo | 2 Ubuntu Linux, Online Receipt Computer Advantage | 2018-11-13 | 7.4 HIGH | 6.6 MEDIUM |
| Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-15484 | 1 Kone | 2 Group Controller, Group Controller Firmware | 2018-11-13 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01. | |||||
| CVE-2018-15477 | 1 Mystrom | 2 Wifi Switch, Wifi Switch Firmware | 2018-11-09 | 10.0 HIGH | 9.8 CRITICAL |
| myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device. | |||||
| CVE-2018-16282 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2018-11-05 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. | |||||
| CVE-2018-15887 | 1 Asus | 2 Dsl-n12e C1, Dsl-n12e C1 Firmware | 2018-11-05 | 6.5 MEDIUM | 8.8 HIGH |
| Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. | |||||
| CVE-2018-15553 | 1 Telus | 2 Actiontec T2200h, Actiontec T2200h Firmware | 2018-11-01 | 9.0 HIGH | 8.8 HIGH |
| fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. | |||||
| CVE-2012-3074 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2018-10-30 | 8.3 HIGH | N/A |
| An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. | |||||
| CVE-2018-16334 | 1 Tendacn | 4 Ac10, Ac10 Firmware, Ac9 and 1 more | 2018-10-25 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. | |||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2018-10-19 | 7.5 HIGH | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | |||||
| CVE-2007-4560 | 1 Clam Anti-virus | 1 Clamav | 2018-10-15 | 7.6 HIGH | N/A |
| clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." | |||||
| CVE-2008-6554 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | |||||
| CVE-2010-4278 | 1 Artica | 1 Pandora Fms | 2018-10-10 | 9.0 HIGH | N/A |
| operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | |||||