Total: 4127 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-54082 | | | 2024-12-23 | N/A |
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with root privileges by an administrative user. | ||||
CVE-2024-45721 | | | 2024-12-23 | N/A |
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with root privileges by an administrative user. | ||||
CVE-2021-40407 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-12-21 | 9.8 Critical |
An OS command injection vulnerability exists in the device network settings functionality of Reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, which holds the value of the domain parameter provided through the SetDdns API, is not validated properly. This leads to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2019-11001 | 1 Reolink | 10 C1 Pro, C1 Pro Firmware, C2 Pro and 7 more | 2024-12-21 | 7.2 High |
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. | ||||
CVE-2018-14933 | 1 Nuuo | 2 Nvrmini, Nvrmini Firmware | 2024-12-21 | N/A |
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | ||||
CVE-2020-13712 | | | 2024-12-21 | N/A |
A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected. | ||||
CVE-2024-4577 | 2 Fedoraproject, Php | 2 Fedora, Php | 2024-12-20 | 9.8 Critical |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | ||||
CVE-2024-8806 | 1 Cohesive | 1 Vns3 | 2024-12-20 | 9.8 Critical |
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24160. | ||||
CVE-2024-8807 | 1 Cohesive | 1 Vns3 | 2024-12-20 | 9.8 Critical |
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24176. | ||||
CVE-2024-8808 | 1 Cohesive | 1 Vns3 | 2024-12-20 | 8.8 High |
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24177. | ||||
CVE-2023-43208 | 1 Nextgen | 1 Mirth Connect | 2024-12-20 | 9.8 Critical |
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | ||||
CVE-2024-12829 | | | 2024-12-20 | N/A |
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015. | ||||
CVE-2024-28767 | 1 Ibm | 1 Security Directory Integrator | 2024-12-20 | 6.8 Medium |
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | ||||
CVE-2021-26115 | | | 2024-12-20 | 7.6 High |
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command. | ||||
CVE-2024-28892 | 2 Gocast, Mayuresh82 | 2 Gocast, Gocast | 2024-12-20 | 9.8 Critical |
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
CVE-2024-9474 | 1 Paloaltonetworks | 1 Pan-os | 2024-12-20 | 7.2 High |
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | ||||
CVE-2024-45519 | 1 Zimbra | 2 Collaboration, Zimbra Collaboration Suite | 2024-12-20 | 10 Critical |
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | ||||
CVE-2020-21583 | 1 Kernel | 1 Util-linux | 2024-12-20 | 6.7 Medium |
An issue in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. | ||||
CVE-2024-48889 | 1 Fortinet | 1 Fortimanager | 2024-12-20 | 7.2 High |
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. | ||||
CVE-2010-4345 | 5 Canonical, Debian, Exim and 2 more | 5 Ubuntu Linux, Debian Linux, Exim and 2 more | 2024-12-19 | 7.8 High |
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. |