CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

CVE-2020-26582

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping aka resconfigaction=3configid=18...

CVE-2020-5624

SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2020-14425

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog...

CVE-2020-13887

documentsadd.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder...

CVE-2020-23691

YFCMF v2.3.1 has a Remote Command Execution RCE vulnerability in the index.php...

CVE-2020-11490

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi certissuer, certdivision, certorganization, certlocality, certstate, certcountry, or certemail parameter...

CVE-2020-21564

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files...

CVE-2020-25952

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication...

CVE-2020-14414

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload any system commands that contains shell metacharacters via a POST request with a pw parameter. This can also be...

CVE-2020-24631

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

CVE-2020-15541

SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution...

CVE-2020-14947

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mibfile in plugins/mainsections/msconfig/mssnmpconfig.php is mishandled in getmiboid...

CVE-2020-15901

In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys...

CVE-2020-13851

Artica Pandora FMS 7.44 allows remote command execution via the events feature...

CVE-2020-13855

Artica Pandora FMS 7.44 allows arbitrary file upload leading to remote command execution via the File Repository Manager feature...

CVE-2020-10213

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wpsstaenrolleepin parameter in a setstaenrolleepin.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected...

CVE-2020-35715

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the uploadsettings.cgi page...

CVE-2020-9374

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature...

CVE-2020-9463

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the serverip field in JSON data in an api/internal.php?object=centreonconfigurationremote request...