30 matches found
EUVD-2017-17712
Malware in sbrugna...
CVE-2024-28011
Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP,...
CVE-2025-24864
Incorrect access permission of a specific folder issue exists in RemoteView Agent for Windows versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege...
CVE-2025-24864
CVE-2025-24864 affects RemoteView Agent (Windows) prior to v8.1.5.2. Root cause: incorrect access permissions on a specific folder (CWE-276) allowing a non-administrative remote-access user to execute arbitrary OS commands with LocalSystem privileges. Impact: local user on a remote PC gains full ...
CVE-2024-33439
An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters...
JVN#58236836: Multiple vulnerabilities in BUFFALO wireless LAN routers
Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password (CWE-256): CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, Base Score 6.5, CVE-2024-23486. OS Command Injection (CWE-78): CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, Base...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208 - Mirth Connect Remote Code Execution RCE Exp...
CVE-2023-30766
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...
Siemens SCALANCE M875 Arbitrary OS Command Execution (CVE-2018-4859)
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
Siemens SCALANCE M875 Arbitrary OS Command Execution (CVE-2018-4860)
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
JVN#57296685: Multiple vulnerabilities in PIXELA PIX-RT100
PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2023-22304: CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, Base Score 8.0; CVSS v2 AV:A/AC:L/Au:S/C:C/I:C/A:C, Base Score 7.7...
CVE-2022-45145
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file...
CVE-2022-45145
CVE-2022-45145 concerns CHICKEN 5.x; vulnerability exists in egg-compile.scm that allows arbitrary OS command execution during package installation via escaped characters in a .egg file. Root cause: insecure handling in egg-compile.scm leading to command injection during installation. Affected: C...
CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
CVE-2021-21805
CVE-2021-21805 affects Advantech R-SeeNet v2.4.12. The ping.php script is vulnerable to remote OS command injection via specially crafted HTTP requests, enabling arbitrary command execution without credentials. The Nuclei template and Red Hat/other feeds corroborate remote execution risk; report...
CVE-2021-20658
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors...
CVE-2021-20639
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors...
CVE-2020-19142
The CVE-2020-19142 entry describes a vulnerability in iCMS 7 where an attacker can execute arbitrary OS commands by injecting shell metacharacters into the DB_PREFIX parameter used by install/install.php. The issue permits unauthenticated remote command execution with high to critical impact (as ...
CVE-2020-19527
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
CVE-2020-13978
Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=editchunk URI. NOTE: there is no indication that the Edit Chunk...