CVE-2021-20853

ELECOM LAN routers WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors...

CVE-2020-10056

A vulnerability has been identified in License Management Utility LMU All versions V2.4. The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated...

CVE-2020-0391

In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2020-8946

Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/syslogclean.cgi log3gtype parameter...

CVE-2020-7606

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'execserviceName, cmd, fnStdout, fnStderr, fnExit' uses the variable 'serviceName' which can be controlled by users without any sanitization...

CVE-2020-13976

An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it...

CVE-2020-25483

An arbitrary command execution vulnerability exists in the fopen function of file writes of UCMS v1.4.8, where an attacker can gain access to the server...

CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

CVE-2020-8270

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342...

CVE-2020-8149

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

CVE-2020-8269

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...

CVE-2020-26124

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...

CVE-2020-2159

Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins...

CVE-2014-8366

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...

CVE-2018-14996

The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...

CVE-2013-3628

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability...

CVE-2013-5556

The license-installation module on the Cisco Nexus 1000V switch 4.21SV15.2b and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.21SM15.1 for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.21VSG11 for Nexus 1000V switches allows local users to gain privileges and execute arbitrary...

CVE-2013-4203

The self.rungpg function in lib/rgpg/gpghelper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

CVE-2013-4731

ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tagipPing request, a different vulnerability than CVE-2013-3581...

CVE-2013-4789

SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php...