ReportizFlow
Filtered by vendor
Subscriptions
Total
2723 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6986 | 1 Duraspace | 1 Vitro | 2024-11-21 | N/A |
| SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | ||||
| CVE-2019-6739 | 1 Malwarebytes | 1 Antimalware | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162. | ||||
| CVE-2019-6689 | 1 Dillonkane | 1 Tidal Workload Automation | 2024-11-21 | N/A |
| An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems. | ||||
| CVE-2019-6622 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. | ||||
| CVE-2019-6579 | 1 Siemens | 1 Spectrum Power 4 | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | ||||
| CVE-2019-6288 | 1 Edge-core | 2 Ecs2020, Ecs2020 Firmware | 2024-11-21 | 9.8 Critical |
| Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. | ||||
| CVE-2019-6275 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | N/A |
| Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | ||||
| CVE-2019-6272 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | N/A |
| Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | ||||
| CVE-2019-5623 | 1 Accellion | 1 File Transfer Appliance | 2024-11-21 | 9.8 Critical |
| Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'). | ||||
| CVE-2019-5446 | 1 Ui | 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more | 2024-11-21 | 7.2 High |
| Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. | ||||
| CVE-2019-5424 | 1 Ui | 1 Edgeswitch X | 2024-11-21 | 8.8 High |
| In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user. | ||||
| CVE-2019-5420 | 3 Debian, Fedoraproject, Rubyonrails | 3 Debian Linux, Fedora, Rails | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | ||||
| CVE-2019-5414 | 1 Kill-port Project | 1 Kill-port | 2024-11-21 | N/A |
| If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. | ||||
| CVE-2019-5413 | 1 Morgan Project | 1 Morgan | 2024-11-21 | N/A |
| An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. | ||||
| CVE-2019-5390 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-5323 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 7.2 High |
| There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. | ||||
| CVE-2019-4635 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 2.7 Low |
| IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011. | ||||
| CVE-2019-3920 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 8.8 High |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. | ||||
| CVE-2019-3919 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 8.8 High |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. | ||||