CVE-2021-33730

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33523

MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController...

CVE-2021-33356

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges...

CVE-2021-33964

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/setfirewalllevel which receives parameters by POST request, and the parameter firewalllevel has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...

CVE-2021-33191

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...

CVE-2021-33731

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33357

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/getnetcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands...

CVE-2021-33735

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-28254

A deserialization vulnerability in the destruct function of Laravel v8.5.9 allows attackers to execute arbitrary commands...

CVE-2021-28119

Twinkle Tray aka twinkle-tray through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API...

CVE-2021-28999

SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1sortby parameter to modules/News/function.adminarticlestab.php...

CVE-2021-31760

Webmin 1.973 is affected by Cross Site Request Forgery CSRF to achieve Remote Command Execution RCE through Webmin's running process feature...

CVE-2021-22990

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface TMUI, also referred to as the...

CVE-2021-22989

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility,...

CVE-2021-22352

There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands...

CVE-2021-22987

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has an...

CVE-2021-22988

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed page...

CVE-2021-22153

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM versions 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of th...

CVE-2021-22801

A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software All Versions...

CVE-2016-10322

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php...