107 matches found

OSV
added 2020/04/28 2:15 p.m. | 37 views

CVE-2020-12078

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

CVSS 8.8 | AI score 7 | EPSS 0.09999
Exploits: 3 | References: 4

Prion
added 2020/04/28 2:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

CVSS 9 | AI score 8.7 | EPSS 0.09999
Exploits: 3 | References: 4 | Affected Software: 1

CVE
added 2020/04/28 1:26 p.m. | 66 views

CVE-2020-12078

CVE-2020-12078 - Open-AudIT 3.3.1 : A shell metacharacter injection flaw exists in the open-audit/configuration/ URI. The exclude_ip value from global discovery settings is passed to an unfiltered exec in discoveries_helper.php (inside all_ip_list), allowing a payload to execute commands. Connect...

CVSS 9 | AI score 8.7 | EPSS 0.09999
Exploits: 3 | References: 4 | Affected Software: 1

Cvelist
added 2020/04/28 1:26 p.m. | 21 views

CVE-2020-12078

An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings internally called excludeip. This excludeip value is passed to the...

AI score 8.7 | EPSS 0.09999
Exploits: 3 | References: 4

UbuntuCve
added 2019/11/21 3:15 p.m. | 22 views

CVE-2014-1937

Gamera before 3.4.1 insecurely creates temporary files...

CVSS 7.5 | AI score 7.1 | EPSS 0.01317
Exploits: 0 | References: 1

OSV
added 2019/08/16 4:15 a.m. | 34 views

CVE-2018-20969

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...

CVSS 7.8 | AI score 6.6
Exploits: 0 | References: 9

NVD
added 2019/08/16 4:15 a.m. | 16 views

CVE-2018-20969

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...

CVSS 9.3 | AI score 7.3 | EPSS 0.02706
Exploits: 1 | References: 9

UbuntuCve
added 2019/08/16 4:15 a.m. | 36 views

CVE-2018-20969

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...

CVSS 9.3 | AI score 7.1 | EPSS 0.02706
Exploits: 1 | References: 3

Prion
added 2019/08/16 4:15 a.m. | 20 views

Code injection

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...

CVSS 9.3 | AI score 7.3 | EPSS 0.0453
Exploits: 1 | References: 9 | Affected Software: 1

NVD
added 2019/06/19 7:15 p.m. | 16 views

CVE-2018-16593

The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection...

CVSS 8.8 | AI score 8.8 | EPSS 0.00913
Exploits: 0 | References: 2

OSV
added 2019/06/19 7:15 p.m. | 4 views

CVE-2018-16593

The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection...

CVSS 8.8 | AI score 5.8 | EPSS 0.00913
Exploits: 0 | References: 2

Cvelist
added 2019/06/19 6:18 p.m. | 17 views

CVE-2018-16593

The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection...

AI score 8.8 | EPSS 0.00913
Exploits: 0 | References: 2

CVE
added 2019/06/19 6:18 p.m. | 103 views

CVE-2018-16593

CVE-2018-16593 affects Sony Bravia TV Photo Sharing Plus (up to version 8.587). The flaw is a shell metacharacter injection in the Photo Sharing Plus component, enabling arbitrary command execution with root privileges if a device is on the same network. Exploitation is described as local/adjace...

CVSS 8.8 | AI score 8.6 | EPSS 0.00913
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2019/04/09 5:29 a.m. | 3 views

CVE-2019-10631

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests...

CVSS 8.8 | AI score 7.6 | EPSS 0.02291
Exploits: 1 | References: 1

Prion
added 2019/04/09 5:29 a.m. | 19 views

Design/Logic Flaw

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests...

CVSS 6.5 | AI score 9 | EPSS 0.02291
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2019/04/09 4:59 a.m. | 55 views

CVE-2019-10631

CVE-2019-10631 describes a Shell Metacharacter Injection in the Zyxel NAS 326 package installer (versions 5.21 and earlier). An authenticated attacker can execute arbitrary code via multiple different requests. Affected product: Zyxel NAS 326 (Hopscotch). Root cause: shell metacharacter handling ...

CVSS 8.8 | AI score 8.9 | EPSS 0.02291
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2019/04/02 12:0 a.m. | 2 views

Grandstream GXP16xx Shell Metacharacter Injection Vulnerability

The Grandstream GXP16xx VoIP is a 16XX series IP phone from Grandstream. A shell metacharacter injection vulnerability exists in the SSH configuration interface of the Grandstream GXP16xx 1.0.4.128, which can be exploited by an attacker to execute arbitrary system commands and obtain a root shell...

CVSS 10 | AI score 8 | EPSS 0.01935
Exploits: 0 | References: 1

NVD
added 2019/04/01 9:29 p.m. | 20 views

CVE-2018-17565

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell...

CVSS 10 | AI score 10 | EPSS 0.01935
Exploits: 0 | References: 2

CVE
added 2019/04/01 8:51 p.m. | 53 views

CVE-2018-17565

The CVE-2018-17565 entry concerns a Shell Metacharacter Injection vulnerability in the SSH configuration interface of Grandstream GXP16xx VoIP phones (firmware 1.0.4.128). The vulnerability allows an attacker to execute arbitrary system commands and obtain a root shell. Public documents identify ...

CVSS 10 | AI score 9.8 | EPSS 0.01935
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/11/11 12:29 a.m. | 12 views

CVE-2018-19168

Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...

CVSS 10 | AI score 9.4 | EPSS 0.06512
Exploits: 0 | References: 1