Vulnerabilities (CVE)

Filtered by CWE-78
Total 3673 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-45741 1 Buffalo 2 Vr-s1000, Vr-s1000 Firmware 2024-01-04 N/A 6.8 MEDIUM
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.
CVE-2022-39818 1 Nokia 1 Network Functions Manager For Transport 2024-01-03 N/A 8.8 HIGH
In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.
CVE-2023-51035 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-01-03 N/A 9.8 CRITICAL
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
CVE-2020-17010 1 Microsoft 2 Windows 10, Windows Server 2016 2023-12-31 7.2 HIGH 7.8 HIGH
Win32k Elevation of Privilege Vulnerability
CVE-2023-51100 1 Tenda 2 W9, W9 Firmware 2023-12-30 N/A 9.8 CRITICAL
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo .
CVE-2023-51099 1 Tenda 2 W9, W9 Firmware 2023-12-30 N/A 9.8 CRITICAL
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand .
CVE-2023-51098 1 Tenda 2 W9, W9 Firmware 2023-12-30 N/A 9.8 CRITICAL
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo .
CVE-2023-51094 1 Tenda 2 M3, M3 Firmware 2023-12-30 N/A 9.8 CRITICAL
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.
CVE-2023-51033 1 Totolink 2 Ex1200l, Ex1200l Firmware 2023-12-29 N/A 9.8 CRITICAL
TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
CVE-2023-51028 1 Totolink 2 Ex1800t, Ex1800t Firmware 2023-12-29 N/A 9.8 CRITICAL
TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.
CVE-2023-50147 1 Totolink 2 A3700r, A3700r Firmware 2023-12-29 N/A 9.8 CRITICAL
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
CVE-2023-50466 1 Weintek 2 Cmt2078x, Cmt2078x Firmware 2023-12-29 N/A 8.8 HIGH
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.
CVE-2023-50993 1 Ruijie 4 Rg-ws6008, Rg-ws6008 Firmware, Rg-ws6108 and 1 more 2023-12-29 N/A 9.8 CRITICAL
Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles.
CVE-2023-7002 1 Backupbliss 1 Backup Migration 2023-12-29 N/A 7.2 HIGH
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.
CVE-2023-35895 1 Ibm 1 Informix Jdbc 2023-12-28 N/A 9.8 CRITICAL
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.
CVE-2023-44277 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 7.8 HIGH
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
CVE-2023-44279 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 6.7 MEDIUM
Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker
CVE-2023-48667 1 Dell 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more 2023-12-27 N/A 7.2 HIGH
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker.
CVE-2023-48668 1 Dell 1 Powerprotect Data Domain Management Center 2023-12-27 N/A 6.7 MEDIUM
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC.
CVE-2023-47565 1 Qnap 1 Qvr Firmware 2023-12-22 N/A 8.8 HIGH
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later