Lucene search
K

71136 matches found

Nuclei
Nuclei
added yesterday33 views

TerraMaster TOS <.1.29 - Remote Code Execution

TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter. id:...

10CVSS7.2AI score0.28495EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday86 views

Linksys RE7000 - Command Injection

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point id: CVE-2024-25852 info: name: Linksys RE7000 - Command Injection author: s4e-io severity: high description: | Linksys RE7000 v2.0.9, v2.0.1...

8.8CVSS7.3AI score0.16519EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday23 views

YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

10CVSS7.2AI score0.30174EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday74 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

10CVSS7.3AI score0.42551EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday126 views

YouPHPTube Encoder 2.3 - Remote Command Injection

YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php. id: CVE-2019-5127 info: name: YouPHPTube Encoder 2.3 ...

10CVSS7.2AI score0.45302EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday10 views

APsystems ECU-R Firmware - Command Injection

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. id: CVE-2022-45699 info: name: APsystems ECU-R Firmware - Command Injection author: pussycat0x severity:...

9.8CVSS7.5AI score0.76604EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday63 views

Barco/AWIND OEM Presentation Platform - Remote Command Injection

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...

10CVSS7.3AI score0.98952EPSS
Exploits10References5
Nuclei
Nuclei
added yesterday35 views

Yachtcontrol Webapplication 1.0 - Remote Command Injection

Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...

10CVSS7.1AI score0.58879EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday94 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by...

10CVSS7.3AI score0.42551EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday35 views

YouPHPTube Encoder 2.3 - Command Injection

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5129 info: name: YouPHPTube Encoder 2.3 - Command...

10CVSS7.2AI score0.38531EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday34 views

TOTOLink - Unauthenticated Command Injection

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERYSTRING parameter. id: CVE-2022-25082 info: name: TOTOLink -...

9.8CVSS7.4AI score0.16089EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday59 views

Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

7.8CVSS7.1AI score0.9024EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday66 views

Geutebruck - Remote Command Injection

Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-33544 info: name: Geutebruck - Remote Command Injection author: gy741 severit...

7.2CVSS7.1AI score0.94622EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday88 views

Hongdian H8922 3.0.5 - Remote Command Injection

Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address a/k/a Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive informatio...

9CVSS7.3AI score0.27912EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday97 views

Lexmark Printers - Command Injection

Certain Lexmark devices through 2023-02-19 mishandle Input Validation issue 1 of 4. id: CVE-2023-26067 info: name: Lexmark Printers - Command Injection author: DhiyaneshDK severity: high description: | Certain Lexmark devices through 2023-02-19 mishandle Input Validation issue 1 of 4. impact: |...

8.1CVSS7.1AI score0.37835EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday26 views

Enigma NMS < 65.0.0 - Authenticated OS Command Injection

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an authenticated attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action. id:...

10CVSS7.5AI score0.25279EPSS
Exploits5References3
Nuclei
Nuclei
added yesterday40 views

D-Link Routers - Remote Command Injection

D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for...

9CVSS7.6AI score0.78191EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday25 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.2AI score0.29451EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday13 views

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.The injected comman...

10CVSS6.1AI score0.12334EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday13 views

DELMIA Apriso - Command Injection

An Improper Control of Generation of Code code injection / file upload → RCE vulnerability affecting DELMIA Apriso Release 2020 → Release 2025. When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place...

8CVSS6.8AI score0.75306EPSS
Exploits0References3
Rows per page
Query Builder