SAP NetWeaver ABAP Server Operating System Command Injection Vulnerability
SAP NetWeaver ABAP Server is a web application server from the German company SAP, used for SAP products. SAP NetWeaver ABAP Server suffers from an operating system command injection vulnerability that arises from the application failing to properly filter special characters used to construct commands,...
ELECOM WRC Code Injection Vulnerability
The ELECOM WRC is a network camera for home use from ELECOM of Japan. A code injection vulnerability exists in ELECOM WRC-1167FEBK-A v1.18 and earlier versions that allows network-adjacent authenticated attackers to execute arbitrary operating...
D-Link DIR-823G Command Execution Vulnerability (CNVD-2023-65130)
The D-Link DIR-823G is a wireless router from China's AUO D-Link. A command execution vulnerability exists in the D-Link DIR-823G version 1.02B05, which stems from the application failing to properly filter special characters, commands, etc. used to construct commands. An attacker can exploit this...
The vulnerability in the FortiADC Manager web management tool, a controller for FortiADC applications, allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the FortiADC Manager web management tool, a controller for FortiADC application delivery, is related to the failure to remove special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands with ro...
CVE-2023-37237
The CVE-2023-37237 issue affects Veritas NetBackup Appliance software prior to 4.1.0.1 MR3. Insecure permissions allow an authenticated Admin to bypass shell restrictions and execute arbitrary OS commands via SSH. Root cause: insecure permissions on the appliance environment. Impact: potential fu...
CVE-2023-26613
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCUSHELL...
Zyxel NAS326 Operating System Command Injection Vulnerability
Zyxel NAS326 is a cloud storage NAS from China Heqin Zyxel. A security vulnerability exists in the Zyxel NAS326 V5.21 AAZF.14 firmware version prior to C0, NAS540 V5.21 AATB.11 firmware version prior to C0, and NAS542V5.21 firmware version prior to V5.21, which originates from a vulnerability tha...
The vulnerability of the cable gateway Hitron CODA-5310 arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows a hacker to execute arbitrary commands.
The vulnerability of the Hitron CODA-5310 cable gateway exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Inaba Denki Sangyo Wi-Fi AP UNIT Operating System Command Injection Vulnerability
The Inaba Denki Sangyo Wi-Fi AP UNIT is a Wi-Fi AP unit from Inaba Denki Sangyo of Japan. A security vulnerability exists in the Inaba Denki Sangyo Wi-Fi AP UNIT. An attacker could exploit the vulnerability by sending a specially crafted request to execute arbitrary operating system commands. Affect...
PT-2023-22962 · Kb-Ahr08D +3 · Kb-Ahr08D +5
Name of the Vulnerable Software and Affected Versions: KB-AHR04D versions prior to 91110.1.101106.78; KB-AHR08D versions prior to 91210.1.101106.78; KB-AHR16D versions prior to 91310.1.101106.78; KB-IRIP04A versions prior to 95110.1.100290.78A; KB-IRIP08A versions prior to 95210.1.100290.78A; KB-IRIP1...
PT-2023-22965 · Kb-Ahr08D +3 · Kb-Ahr08D +5
Name of the Vulnerable Software and Affected Versions: KB-AHR04D versions prior to 91110.1.101106.78; KB-AHR08D versions prior to 91210.1.101106.78; KB-AHR16D versions prior to 91310.1.101106.78; KB-IRIP04A versions prior to 95110.1.100290.78A; KB-IRIP08A versions prior to 95210.1.100290.78A; KB-IRIP1...
Danfoss AK-EM100 web applications Command Injection Vulnerability
Danfoss AK-EM100 web applications is a web application from Danfoss, Denmark. It provides a web-based graphical user interface to the store that allows a range of everyday users to locally or remotely monitor data, alarms, and reports on all of their refrigeration equipment. A command injection...
PT-2023-24325 · Mitrastar · Mitrastar Gpt-2741Gnac
Name of the Vulnerable Software and Affected Versions: MitraStar GPT-2741GNAC router version AR g5.8 110WVN0b7 2 Description: A command injection issue was found in the ping functionality of the router. This issue allows an authenticated user to execute arbitrary OS commands by sending specially...
The vulnerability in the /bin/boa component of the firmware of D-Link's DIR-619L and DIR-605L routers allows a hacker to execute arbitrary commands.
The vulnerability in the /bin/boa firmware component of D-Link's DIR-619L and DIR-605L routers lies in the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CVE-2023-27988
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.13C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely...
CVE-2023-28394
Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well...
CVE-2023-29169
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
CVE-2023-29150
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...
CVE-2023-28716
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands...