Search
Total
1192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16118 | 1 Sophos | 2 Sfos, Xg Firewall | 2019-06-25 | 9.3 HIGH | 8.1 HIGH |
| A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | |||||
| CVE-2018-18852 | 1 Cerio | 2 Dt-300n, Dt-300n Firmware | 2019-06-18 | 9.0 HIGH | 8.8 HIGH |
| Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018. | |||||
| CVE-2019-12735 | 2 Neovim, Vim | 2 Neovim, Vim | 2019-06-13 | 9.3 HIGH | 8.6 HIGH |
| getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. | |||||
| CVE-2019-12739 | 1 Nextcloud | 1 Extract | 2019-06-06 | 6.5 MEDIUM | 8.8 HIGH |
| lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters). | |||||
| CVE-2019-9156 | 1 Gemalto | 1 Ezio Ds3 Server | 2019-06-06 | 5.2 MEDIUM | 8.0 HIGH |
| Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection. | |||||
| CVE-2019-10048 | 1 Pydio | 1 Pydio | 2019-06-03 | 9.0 HIGH | 7.2 HIGH |
| The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration. | |||||
| CVE-2018-16217 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2019-05-31 | 9.0 HIGH | 8.8 HIGH |
| The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. | |||||
| CVE-2019-11224 | 1 Harman | 2 Amx Mvp5150, Amx Mvp5150 Firmware | 2019-05-16 | 6.5 MEDIUM | 8.8 HIGH |
| HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. | |||||
| CVE-2017-12636 | 1 Apache | 1 Couchdb | 2019-05-13 | 9.0 HIGH | 7.2 HIGH |
| CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. | |||||
| CVE-2019-11444 | 1 Liferay | 1 Liferay Portal | 2019-05-09 | 9.0 HIGH | 7.2 HIGH |
| ** DISPUTED ** An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw. | |||||
| CVE-2017-1000393 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 9.0 HIGH | 8.8 HIGH |
| Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | |||||
| CVE-2018-4061 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2019-05-07 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2017-16667 | 1 Backintime Project | 1 Backintime | 2019-04-30 | 9.3 HIGH | 7.8 HIGH |
| backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. | |||||
| CVE-2018-16660 | 1 Imperva | 1 Securesphere | 2019-04-29 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. | |||||
| CVE-2019-11001 | 1 Reolink | 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more | 2019-04-09 | 9.0 HIGH | 7.2 HIGH |
| On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | |||||
| CVE-2018-5757 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2019-04-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string. | |||||
| CVE-2018-17990 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2019-04-02 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. | |||||
| CVE-2018-20323 | 1 Mailcleaner | 1 Mailcleaner | 2019-03-27 | 9.0 HIGH | 8.8 HIGH |
| www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. | |||||
| CVE-2018-8735 | 1 Nagios | 1 Nagios Xi | 2019-03-04 | 9.0 HIGH | 8.8 HIGH |
| Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. | |||||
| CVE-2018-7046 | 1 Kentico | 1 Kentico Cms | 2019-02-28 | 9.0 HIGH | 7.2 HIGH |
| ** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout. | |||||
| CVE-2018-7187 | 2 Debian, Golang | 2 Debian Linux, Go | 2019-02-28 | 9.3 HIGH | 8.8 HIGH |
| The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | |||||
| CVE-2018-15007 | 1 Skydevices | 2 Sky Elite 6.0l\+, Sky Elite 6.0l\+ Firmware | 2019-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. The com.fw.upgrade.sysoper app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. | |||||
| CVE-2018-12237 | 1 Symantec | 1 Reporter | 2019-02-11 | 9.0 HIGH | 7.2 HIGH |
| The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges. | |||||
| CVE-2019-7632 | 1 Lifesize | 8 Networker 220, Networker 220 Firmware, Passport 220 and 5 more | 2019-02-08 | 9.0 HIGH | 8.8 HIGH |
| LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. | |||||
| CVE-2019-7298 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2019-02-05 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. | |||||
| CVE-2018-19660 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2019-01-30 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. | |||||
| CVE-2018-19659 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2019-01-30 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. | |||||
| CVE-2018-16200 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-01-24 | 5.8 MEDIUM | 8.8 HIGH |
| Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. | |||||
| CVE-2018-12317 | 1 Asustor | 2 As-602t, Data Master | 2019-01-24 | 9.0 HIGH | 8.8 HIGH |
| OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. | |||||
| CVE-2018-3955 | 1 Linksys | 4 E1200, E1200 Firmware, E2500 and 1 more | 2019-01-23 | 9.0 HIGH | 7.2 HIGH |
| An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | |||||
| CVE-2018-3953 | 1 Linksys | 4 E1200, E1200 Firmware, E2500 and 1 more | 2019-01-23 | 9.0 HIGH | 7.2 HIGH |
| Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed. | |||||
| CVE-2018-3954 | 1 Linksys | 4 E1200, E1200 Firmware, E2500 and 1 more | 2019-01-23 | 9.0 HIGH | 7.2 HIGH |
| Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | |||||
| CVE-2018-16194 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-16195 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2019-01-17 | 8.3 HIGH | 8.8 HIGH |
| Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. | |||||
| CVE-2018-0639 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter. | |||||
| CVE-2018-0631 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | |||||
| CVE-2018-0634 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL. | |||||
| CVE-2018-0630 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. | |||||
| CVE-2018-0629 | 1 Nec | 2 Aterm W300p, Aterm W300p Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | |||||
| CVE-2018-0628 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-17 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. | |||||
| CVE-2018-0636 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634. | |||||
| CVE-2018-0635 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. | |||||
| CVE-2018-0637 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter. | |||||
| CVE-2018-0638 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter. | |||||
| CVE-2018-0627 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | |||||
| CVE-2018-0626 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. | |||||
| CVE-2018-0625 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2019-01-15 | 9.0 HIGH | 7.2 HIGH |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. | |||||
| CVE-2018-19239 | 1 Trendnet | 2 Tew-673gru, Tew-673gru Firmware | 2019-01-14 | 9.0 HIGH | 7.2 HIGH |
| TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. | |||||
| CVE-2018-1239 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2019-01-07 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. | |||||
| CVE-2018-20057 | 1 D-link | 4 Dir-605l, Dir-605l Firmware, Dir-619l and 1 more | 2018-12-31 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. | |||||