CVE-2019-9204

SQL injection vulnerability in Nagios IM component of Nagios XI before 2.2.7 allows attackers to execute arbitrary SQL commands...

CVE-2019-15027

The MediaTek Embedded Multimedia Card eMMC subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clearemmcnomediaentry in platform/mt6577/external/meta/emmc/metaclremmc.c...

CVE-2019-15348

The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

CVE-2019-17526

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an import'os'.popen'whoami'.read...

CVE-2018-12692

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wpssetuppin parameter to /data/wps.setup.json...

CVE-2014-5023

Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command...

CVE-2014-5112

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter...

CVE-2019-9653

NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handleloadconfig.php...

CVE-2019-20197

In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account...

CVE-2019-10796

rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization...

CVE-2018-17228

nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call...

CVE-2017-7647

SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands...

CVE-2013-1947

kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to 1 document.rb, 2 video.rb, or 3 videoimage.rb...

CVE-2013-1177

SQL injection vulnerability in Cisco Network Admission Control NAC Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095...

CVE-2013-5647

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...

CVE-2019-5497

NetApp AFF A700s Baseboard Management Controller BMC firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution...

CVE-2019-19034

Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager SCCM database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM...

CVE-2019-10802

giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull" is executed by the package without any validation...

CVE-2019-10799

compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...

CVE-2011-4201

remotesupport.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 pid1 or 2 pid2 parameter in a stopremotesupport action...