11236 matches found
Pandora FMS 7.0NG - Remote Command Injection
Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...
Appium Desktop Server - Remote Code Execution
OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. id: CVE-2023-2479 info: name: Appium Desktop Server - Remote Code Execution author: zn9988 severity: critical description: | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4...
Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion
A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...
Blink Router - Command Injection
Blink routers BL-WR9000 V2.4.9 , BL-AC2100AZ3 V1.0.4, BL-X10AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200AT1 v1.0.0, BL-X26AC8 v1.2.8, BLAC450MAE4 v4.0.0 and BL-X26DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bsSetSSIDHide function. id: CVE-2025-45985 info: name: Blin...
Embedded JavaScript(EJS) 3.1.6 - Template Injection
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. id: CVE-2023-29827 info: name: Embedded JavaScriptEJS 3.1.6 - Template Injection author:...
LyLme-Spage - Arbitary File Upload
An arbitrary file upload vulnerability in the component /include/file.php of lylmespage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-34982 info: name: LyLme-Spage - Arbitary File Upload author: DhiyaneshDk severity: high description: | An arbitrary...
TurboMeeting - Post-Authentication Command Injection
The Certificate Signing Request CSR feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The...
Chaosblade < 1.7.4 - Remote Code Execution
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. id: CVE-2023-47105 info: name: Chaosblade 1.7.4 - Remote Code Execution author: s4e-io severity: high description: | exec.CommandContext in...
IBM Operational Decision Manager - JNDI Injection
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145. id: CVE-2024-22319 info: name: IBM Operational Decision Manager -...
Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. id: CVE-2023-24489 info: name: Citrix ShareFile StorageZones...
Fujian Kelixin Communication - Command Injection
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwdupdate.php. id: CVE-2024-2621 info: name: Fujian Kelixin Communication - Command...
Change Detection - Server Side Template Injection
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. id: CVE-2024-32651 info: name: Change Detection - Server Side Template Injection author: edoardottt severity: critical description: | A Server...
Cassia Gateway Firmware - Remote Code Execution
In Cassia Gateway firmware XC10002.1.1.2303082218 and XC20002.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup. id: CVE-2023-31446 info: name: Cassia Gateway Firmware - Remote Code...
cPH2 Charging Station v1.87.0 - OS Command Injection
An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature. id: CVE-2023-46359 info: name: cPH2...
WAVLINK WN530H4 live_api.cgi - Command Injection
A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. id: CVE-2020-12124 info: name: WAVLINK WN530H4 liveapi.cgi - Command Injection author...
Faculty Evaluation System v1.0 - Remote Code Execution
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=saveuser. id: CVE-2023-33440 info: name: Faculty Evaluation System v1.0 - Remote Code Execution author: Harsh severity: high description: | Sourcecodester Faculty Evaluation System v1...
Cuppa CMS v1.0 - Remote Code Execution
CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php. id: CVE-2022-37190 info: name: Cuppa CMS v1.0 - Remote Code Execution author: theamanrawat severity: high description: | CuppaCMS 1.0 is vulnerable ...
VMware Aria Operations for Logs - Unauthenticated Remote Code Execution
VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...
WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. id: CVE-2022-4328 info: name: WooCommerce Checkout Field Manager 18.0 - Arbitrary File Uploa...
TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection
TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. id: CVE-2024-34257 info: name: TOTOLINK EX1800T TOTOLINK EX1800T - Command Injecti...