8691 matches found
CVE-2018-19025
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc...
CVE-2018-4061
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...
CVE-2021-27710
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system...
CVE-2021-33191
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...
CVE-2021-33731
A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...
CVE-2021-22801
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software All Versions...
CVE-2022-38826
In TOTOLINK T6 V4.1.5cu.709B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi...
CVE-2022-23329
A vulnerability in $"freemarker.template.utility.Execute"?new of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files...
CVE-2022-33948
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product...
CVE-2022-26212
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceM...
CVE-2022-26999
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-26211
Totolink A830R V5.9c.4729B20191112, A3100R V4.1.2cu.5050B20200504, A950RG V4.1.2cu.5161B20200903, A800R V4.1.2cu.5137B20200730, A3000RU V5.9c.5185B20201128, and A810R V4.1.2cu.5182B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the...
CVE-2022-26992
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands...
CVE-2022-35555
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...
CVE-2011-0703
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
CVE-2020-7199
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged...
CVE-2020-7623
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the source argument...
CVE-2020-7636
adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary commands via the command function...