CVE-2019-3986

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter...

CVE-2019-5390

A remote command injection vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...

CVE-2019-6579

A vulnerability has been identified in Spectrum Power 4 with Web Office Portal. An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker wi...

CVE-2019-13561

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the onlinefirmwarecheck.cgi checkfwurl parameter...

CVE-2019-17364

The processCommandUploadLog function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...

CVE-2019-17642

An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin...

CVE-2011-3626

Double free vulnerability in the prepareexec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file...

CVE-2011-5274

The drawAdminToolsPackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control DTC before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkgdirectory parameter in a doinstall action to dtc/...

CVE-2011-5102

The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gatew...

CVE-2019-9945

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

CVE-2019-8387

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component...

CVE-2019-6783

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. GitLab Pages contains a directory traversal vulnerability that could lead to remote command execution...

CVE-2019-5987

Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page...

CVE-2019-19842

emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/cmdstat.jsp via the mac attribute...

CVE-2019-3987

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter...

CVE-2019-14923

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/toolall/ host field...

CVE-2019-16057

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection...

CVE-2019-7296

typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula...

CVE-2019-19538

In Sangoma FreePBX 13 through 15 and sysadmin aka System Admin 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation...