Search
Total
898 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18555 | 1 Vyos | 1 Vyos | 2019-10-03 | 9.0 HIGH | 9.9 CRITICAL |
| A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to the underlying Linux shell. The user can then run arbitrary operating system commands with the privileges afforded by their account. | |||||
| CVE-2018-18322 | 1 Centos-webpanel | 1 Centos Web Panel | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter. | |||||
| CVE-2018-17787 | 1 D-link | 2 Dir-823g, Dir-823g Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function. | |||||
| CVE-2018-17565 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell. | |||||
| CVE-2018-17228 | 1 Nmap4j Project | 1 Nmap4j | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call. | |||||
| CVE-2018-17068 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter. | |||||
| CVE-2018-17066 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter. | |||||
| CVE-2018-17064 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked. | |||||
| CVE-2018-17063 | 1 D-link | 2 Dir-816 A2, Dir-816 A2 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. | |||||
| CVE-2018-16184 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2018-14933 | 1 Nuuo | 2 Nvrmini, Nvrmini Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | |||||
| CVE-2018-19986 | 1 D-link | 4 Dir-818lw, Dir-818lw Firmware, Dir-822 and 1 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. | |||||
| CVE-2018-13797 | 1 Node-macaddress Project | 1 Node-macaddress | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. | |||||
| CVE-2018-13354 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | |||||
| CVE-2018-13338 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | |||||
| CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | |||||
| CVE-2018-13316 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | |||||
| CVE-2018-13314 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | |||||
| CVE-2018-13311 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | |||||
| CVE-2018-13307 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | |||||
| CVE-2018-13306 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | |||||
| CVE-2018-12972 | 1 Opentsdb | 1 Opentsdb | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. | |||||
| CVE-2018-16144 | 1 Opsview | 1 Opsview | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. | |||||
| CVE-2018-12313 | 1 Asustor | 2 As602t, Data Master | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | |||||
| CVE-2018-1235 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege. | |||||
| CVE-2018-12268 | 1 Acccheck Project | 1 Acccheck.pl | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | |||||
| CVE-2018-11510 | 1 Asustor | 1 Adm | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. | |||||
| CVE-2018-1144 | 1 Belkin | 2 N750, N750 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | |||||
| CVE-2018-1143 | 1 Belkin | 2 N750, N750 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. | |||||
| CVE-2018-19989 | 1 D-link | 2 Dir-822, Dir-822 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string. | |||||
| CVE-2018-11143 | 1 Quest | 1 Disk Backup | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | |||||
| CVE-2018-11138 | 1 Quest | 1 Kace System Management Appliance | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. | |||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | |||||
| CVE-2018-10562 | 1 Dasannetworks | 2 Gpon Router, Gpon Router Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. | |||||
| CVE-2018-1000885 | 1 Phkp Project | 1 Phkp | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search. | |||||
| CVE-2018-19990 | 1 D-link | 2 Dir-822, Dir-822 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3."/media/wps/enrollee/pin" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string. | |||||
| CVE-2017-9828 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. | |||||
| CVE-2017-9483 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. | |||||
| CVE-2017-9328 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | |||||
| CVE-2017-8799 | 1 Irods | 1 Irods | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell. | |||||
| CVE-2017-8220 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2019-10-03 | 9.0 HIGH | 9.9 CRITICAL |
| TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | |||||
| CVE-2017-8116 | 1 Teltonika | 8 Rut900, Rut900 Firmware, Rut905 and 5 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. | |||||
| CVE-2017-8051 | 1 Tenable | 1 Appliance | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. | |||||
| CVE-2017-6361 | 1 Qnap | 1 Qts | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2017-6360 | 1 Qnap | 1 Qts | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-6359 | 1 Qnap | 1 Qts | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. | |||||
| CVE-2017-6182 | 1 Sophos | 1 Web Appliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | |||||
| CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | |||||
| CVE-2017-3761 | 1 Lenovo | 1 Service Framework | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. | |||||
| CVE-2017-18368 | 2 Billion, Zyxel | 6 5200w-t, 5200w-t Firmware, P660hn-t1a V1 and 3 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter. | |||||