Search
Total
2443 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16118 | 1 Sophos | 2 Sfos, Xg Firewall | 2019-06-25 | 9.3 HIGH | 8.1 HIGH |
| A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | |||||
| CVE-2018-6444 | 2 Brocade, Netapp | 2 Network Advisor, Brocade Network Advisor | 2019-06-19 | 10.0 HIGH | 9.8 CRITICAL |
| A Vulnerability in Brocade Network Advisor versions before 14.1.0 could allow a remote unauthenticated attacker to execute arbitray code. The vulnerability could also be exploited to execute arbitrary OS Commands. | |||||
| CVE-2018-18852 | 1 Cerio | 2 Dt-300n, Dt-300n Firmware | 2019-06-18 | 9.0 HIGH | 8.8 HIGH |
| Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018. | |||||
| CVE-2014-4326 | 1 Elastic | 1 Logstash | 2019-06-17 | 7.5 HIGH | N/A |
| Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. | |||||
| CVE-2019-12735 | 2 Neovim, Vim | 2 Neovim, Vim | 2019-06-13 | 9.3 HIGH | 8.6 HIGH |
| getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. | |||||
| CVE-2018-20841 | 1 Hootoo | 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware | 2019-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | |||||
| CVE-2019-12739 | 1 Nextcloud | 1 Extract | 2019-06-06 | 6.5 MEDIUM | 8.8 HIGH |
| lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters). | |||||
| CVE-2019-9156 | 1 Gemalto | 1 Ezio Ds3 Server | 2019-06-06 | 5.2 MEDIUM | 8.0 HIGH |
| Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection. | |||||
| CVE-2018-20434 | 1 Librenms | 1 Librenms | 2019-06-04 | 10.0 HIGH | 9.8 CRITICAL |
| LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. | |||||
| CVE-2019-10048 | 1 Pydio | 1 Pydio | 2019-06-03 | 9.0 HIGH | 7.2 HIGH |
| The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration. | |||||
| CVE-2018-16217 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2019-05-31 | 9.0 HIGH | 8.8 HIGH |
| The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. | |||||
| CVE-2019-3727 | 1 Dell | 2 Emc Recoverpoint, Recoverpoint For Virtual Machines | 2019-05-22 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root. | |||||
| CVE-2019-1769 | 1 Cisco | 67 N9k-c9504-fm-r, N9k-c9508-fm-r, N9k-x96136yc-r and 64 more | 2019-05-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-1776 | 1 Cisco | 134 7000 10-slot, 7000 18-slot, 7000 4-slot and 131 more | 2019-05-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-11224 | 1 Harman | 2 Amx Mvp5150, Amx Mvp5150 Firmware | 2019-05-16 | 6.5 MEDIUM | 8.8 HIGH |
| HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. | |||||
| CVE-2017-12636 | 1 Apache | 1 Couchdb | 2019-05-13 | 9.0 HIGH | 7.2 HIGH |
| CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. | |||||
| CVE-2018-11229 | 1 Crestron | 8 Crestron Toolbox Protocol Firmware, Dmc-str, Tsw-1060 and 5 more | 2019-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). | |||||
| CVE-2019-11444 | 1 Liferay | 1 Liferay Portal | 2019-05-09 | 9.0 HIGH | 7.2 HIGH |
| ** DISPUTED ** An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw. | |||||
| CVE-2017-1000393 | 1 Jenkins | 1 Jenkins | 2019-05-08 | 9.0 HIGH | 8.8 HIGH |
| Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | |||||
| CVE-2018-4061 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2019-05-07 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2019-9804 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2019-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | |||||
| CVE-2017-16667 | 1 Backintime Project | 1 Backintime | 2019-04-30 | 9.3 HIGH | 7.8 HIGH |
| backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. | |||||
| CVE-2018-16660 | 1 Imperva | 1 Securesphere | 2019-04-29 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation. | |||||
| CVE-2019-11001 | 1 Reolink | 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more | 2019-04-09 | 9.0 HIGH | 7.2 HIGH |
| On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | |||||
| CVE-2018-5757 | 1 Audiocodes | 2 420hd Ip Phone, 420hd Ip Phone Firmware | 2019-04-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string. | |||||
| CVE-2018-17990 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2019-04-02 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter. | |||||
| CVE-2018-20323 | 1 Mailcleaner | 1 Mailcleaner | 2019-03-27 | 9.0 HIGH | 8.8 HIGH |
| www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands. | |||||
| CVE-2019-9118 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2019-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNTPServerSettings API function, as demonstrated by shell metacharacters in the system_time_timezone field. | |||||
| CVE-2019-9119 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2019-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field. | |||||
| CVE-2019-9120 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2019-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field. | |||||
| CVE-2019-9117 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2019-03-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field. | |||||
| CVE-2018-1000666 | 2 Gig, Openvcloud Project | 2 Jumpscale, Openvcloud | 2019-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. | |||||
| CVE-2018-8735 | 1 Nagios | 1 Nagios Xi | 2019-03-04 | 9.0 HIGH | 8.8 HIGH |
| Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. | |||||
| CVE-2018-7046 | 1 Kentico | 1 Kentico Cms | 2019-02-28 | 9.0 HIGH | 7.2 HIGH |
| ** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout. | |||||
| CVE-2018-7187 | 2 Debian, Golang | 2 Debian Linux, Go | 2019-02-28 | 9.3 HIGH | 8.8 HIGH |
| The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | |||||
| CVE-2010-1885 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2019-02-26 | 9.3 HIGH | N/A |
| The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." | |||||
| CVE-2016-1142 | 1 Seeds | 1 Acmailer | 2019-02-20 | 9.0 HIGH | 9.1 CRITICAL |
| Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2019-7297 | 1 D-link | 2 Dir-823g, Dir-823g Firmware | 2019-02-19 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. | |||||
| CVE-2018-15007 | 1 Skydevices | 2 Sky Elite 6.0l\+, Sky Elite 6.0l\+ Firmware | 2019-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper (versionCode=238, versionName=2.3.8) that contains an exported broadcast receiver app component named com.adups.fota.sysoper.WriteCommandReceiver that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. The com.fw.upgrade.sysoper app cannot be disabled by the user and the attack can be performed by a zero-permission app. Executing commands as system user can allow a third-party app to video record the user's screen, factory reset the device, obtain the user's notifications, read the logcat logs, inject events in the Graphical User Interface (GUI), change the default Input Method Editor (IME) (e.g., keyboard) with one contained within the attacking app that contains keylogging functionality, obtain the user's text messages, and more. | |||||
| CVE-2018-12237 | 1 Symantec | 1 Reporter | 2019-02-11 | 9.0 HIGH | 7.2 HIGH |
| The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges. | |||||
| CVE-2018-0677 | 1 Panasonic | 2 Bn-sdwbp3, Bn-sdwbp3 Firmware | 2019-02-11 | 7.7 HIGH | 6.8 MEDIUM |
| BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2019-7632 | 1 Lifesize | 8 Networker 220, Networker 220 Firmware, Passport 220 and 5 more | 2019-02-08 | 9.0 HIGH | 8.8 HIGH |
| LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication. | |||||
| CVE-2019-7298 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2019-02-05 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. | |||||
| CVE-2018-19646 | 1 Imperva | 1 Securesphere | 2019-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. | |||||
| CVE-2015-0525 | 1 Emc | 1 Secure Remote Services | 2019-02-01 | 7.5 HIGH | N/A |
| The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-19660 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2019-01-30 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. | |||||
| CVE-2018-19659 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2019-01-30 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. | |||||
| CVE-2018-16200 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2019-01-24 | 5.8 MEDIUM | 8.8 HIGH |
| Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to execute arbitrary OS commands. | |||||
| CVE-2018-12317 | 1 Asustor | 2 As-602t, Data Master | 2019-01-24 | 9.0 HIGH | 8.8 HIGH |
| OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter. | |||||
| CVE-2018-3955 | 1 Linksys | 4 E1200, E1200 Firmware, E2500 and 1 more | 2019-01-23 | 9.0 HIGH | 7.2 HIGH |
| An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | |||||