CVE-2021-32826

Proxyee-Down is open source proxy software. An attacker being able to provide an extension script eg: through a MiTM attack or by hosting a malicious extension may be able to run arbitrary commands on the system running Proxyee-Down. For more details including a PoC see the referenced...

CVE-2021-21954

A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...

CVE-2020-5873

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy scp utility but does not have access to Advanced Shell bash can execute arbitrary commands...

CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

CVE-2020-9377

D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-36243

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters...

CVE-2020-15817

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues...

CVE-2020-13376

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...

CVE-2020-23584

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diagtracertadmin.asp " in the "PingTest" parameter that leads to command execution...

CVE-2013-3384

The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

CVE-2019-15395

The Asus ZenFone 3s Max Android device with a build fingerprint of asus/INX00G/ASUSX00G1:7.0/NRD90M/INX00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000015, versionName=7.0.0.3161222 that allows other...

CVE-2019-15397

The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WWPhone/ASUSX00HD4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15400

The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WWPhone/ASUSA001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15404

The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WWPhone/ASUSX00HD4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15411

The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WWmsm8937/msm8937:7.1.1/NMF26F/WW32.40.106.11420180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15312

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an...

CVE-2019-15412

The Asus ZenFone 4 Selfie Android device with a build fingerprint of asus/WWZ01M/ASUSZ01M1:7.1.1/NMF26F/WW71.50.395.5720180913:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-16737

The processCommandSetMac function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...

CVE-2019-10786

network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync" argument...