CVE-2014-3114

The EZPZ One Click Backup ezpz-one-click-backup plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php...

ILIAS Cross-Site Scripting Vulnerability (CNVD-2018-03162)

ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, and live chat. A cross-site scripting vulnerability exists in ILIAS. A remote attacker can exploit this vulnerability by sending a 'cmd' parameter to the...

ILIAS < 5.2.4 XSS Vulnerability

ILIAS eLearning is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

The vulnerability of the cmd parameter in D-Link router microprogramming devices such as D-Link DNS-320L, D-Link DNS-327L, D-Link DNR-326, D-Link DNS-320B, D-Link DNS-345, D-Link DNS-325, and D-Link DNS-322L allows attackers to bypass the authentication process.

The vulnerability of the cmd parameter in D-Link DNS-320L, D-Link DNS-327L, D-Link DNR-326, D-Link DNS-320B, D-Link DNS-345, D-Link DNS-325, and D-Link DNS-322L routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass...

phpFileManager cmd Parameter Command Execution

A remote command execution vulnerability exists in phpFileManager. The vulnerability is due to a design weakness when handling HTTP requests with "action" parameter set to 6 or 9. A remote user can exploit this vulnerability by injecting arbitrary command in the "cmd" parameter...

CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

Directory traversal

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

DEBIAN-CVE-2009-4427

Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cmd parameter...

CVE-2007-6700

Cross-site scripting XSS vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter...

CVE-2008-0148

CVE-2008-0148 affects TUTOS 1.3, where access to php/admin/cmd.php is not restricted, allowing remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. The vulnerability is described with a base CVSSv2 score of 10.0 (HIGH) and a complete impact on confidenti...

CVE-2007-5673

Cross-site scripting XSS vulnerability in cgi-bin/webif.exe in ifnet WebIf allows remote attackers to inject arbitrary web script or HTML via the cmd parameter...

CVE-2007-5673

CVE-2007-5673 is a confirmed cross-site scripting (XSS) vulnerability in the device’s web interface: specifically the cgi-bin/webif.exe component of the ifnet WebIf. The issue allows remote attackers to inject arbitrary web script or HTML via the cmd parameter, resulting in likely client-side scr...

Cross site scripting

Cross-site scripting XSS vulnerability in webevent.cgi in WebEvent 2.61 through 4.03 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

MyCMS 0.9.8 - Remote Command Execution (2)

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argcNo new score set"; elseif $score $data $file1 = "snakescore.txt"; $file2 = "snakesetby.txt"; $file1h = fopen$file1, 'w' or die"can't open file"; $file2h = fopen$file2, 'w' or die"can't open file"...

CVE-2007-2020

Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion...

PT-2007-3364 · Xo Design · Xodagallery

Name of the Vulnerable Software and Affected Versions: xodagallery affected versions not specified Description: The issue allows remote attackers to execute arbitrary code via the cmd parameter in administration.php. However, it's noted that administration.php does not use the cmd parameter for...

CVE-2007-1429

Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to 1 admin/utfdbmigrate.php or 2 filter.php...

CVE-2007-1429

CVE-2007-1429 affects Moodle 1.7.1, exposing remote PHP code execution via remote file inclusion. The vulnerability allows an attacker to supply a URL in the cmd parameter to either admin/utfdbmigrate.php or filter.php, leading to arbitrary code execution on the server. Multiple connected sources...