19611 matches found
CVE-2020-8963
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter...
CVE-2020-7129
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...
CVE-2020-5626
Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file...
CVE-2020-5601
Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors...
CVE-2020-5505
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring in conjunction with "type":"application/x-php" to the /api/files/ URI...
CVE-2020-25755
An issue was discovered on Enphase Envoy R3.x and D4.x and other current devices. The upgradestart function in /installer/upgradestart allows remote authenticated users to execute arbitrary commands via the force parameter...
CVE-2020-28250
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side...
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
CVE-2020-24948
The aoccssimport AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution...
CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution RCE...
CVE-2020-24770
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2020-24364
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite...
CVE-2020-20298
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzztemplate.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands...
CVE-2020-19664
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi...
CVE-2020-14950
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...
CVE-2020-17496
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...
CVE-2025-32813
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...
CVE-2025-32813
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur...
CVE-2020-16087
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file...
CVE-2020-13852
Artica Pandora FMS 7.44 allows arbitrary file upload leading to remote command execution via the File Manager feature...