Lucene search

9789 matches found

Huntr
added 2021/05/29 4:59 p.m. | 9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.php#L24 php &1"; echo "Command: $command\n"; echo...

1.6 AI score
Exploits: 0
Huntr
added 2021/05/29 4:15 p.m. | 9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/upgradeOS.php#L46 `system($SUDO . " $fppDir/SD/upgradeOS-part1.sh /home/fpp/media/upload/" . $_GET['os']);` 🕵️‍♂️ Proof of Concept Visit :...

1.4 AI score
Exploits: 0
GithubExploit
added 2021/05/28 5:55 p.m. | 62 views

Exploit for OS Command Injection in Cacti

CVE-2020-8813 Cacti v1.2.8 Unauthenticated Remote Code Executi...

9.3 CVSS | 8.9 AI score | 0.73779 EPSS
Exploits: 24
Packet Storm
added 2021/05/28 12:0 a.m. | 183 views

Trixbox 2.8.0.4 Remote Code Execution

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated) Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

9 CVSS | 8.9 AI score | 0.50762 EPSS
Exploits: 4
Exploit DB
added 2021/05/28 12:0 a.m. | 176 views

Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated) Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

9 CVSS | 8.8 AI score | 0.50762 EPSS
Exploits: 4
0day.today
added 2021/05/28 12:0 a.m. | 52 views

Trixbox 2.8.0.4 - (lang) Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated) Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

9 CVSS | 8.9 AI score | 0.50762 EPSS
Exploits: 4
NVD
added 2021/05/27 7:15 p.m. | 15 views

CVE-2021-20026

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions...

9 CVSS | 0.11642 EPSS
Exploits: 1 | References: 1
Prion
added 2021/05/27 7:15 p.m. | 13 views

Command injection

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions...

9 CVSS | 8.6 AI score | 0.11642 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2021/05/27 7:10 p.m. | 87 views

CVE-2021-20026

CVE-2021-20026 affects SonicWall NSM On-Prem; an authenticated attacker can perform OS command injection via a crafted HTTP request, impacting NSM On-Prem 2.2.0-R10 and earlier versions. Connected sources corroborate the vulnerability in SonicWall NSM On-Prem and indicate a fix was released...

9 CVSS | 8.6 AI score | 0.11642 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/05/27 7:10 p.m. | 14 views

CVE-2021-20026

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions...

8.9 AI score | 0.11642 EPSS
Exploits: 1 | References: 1
SonicWall
added 2021/05/27 2:7 p.m. | 8 views

SonicWall NSM On-Prem authenticated command injection vulnerability

A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. CVE: CVE-2021-20026 Last updated: May 27, 2021, 2:07 p.m...

8.8 CVSS | 7 AI score | 0.11642 EPSS
Exploits: 1
seebug.org
added 2021/05/26 12:0 a.m. | 204 views

VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985)

Rapid7, May 26, 2021 5:34pm UTC (last updated May 27, 2021 6:39pm UTC). Technical Analysis. Threat status: Impending threat. Attacker utility: Network infrastructure compromise. Description: On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...

10 CVSS | 0.3 AI score | 0.99999 EPSS
Exploits: 58
OSV
added 2021/05/25 12:15 p.m. | 2 views

CVE-2021-30187

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command...

5.3 CVSS | 5.8 AI score | 0.00268 EPSS
Exploits: 0 | References: 2
NVD
added 2021/05/25 12:15 p.m. | 20 views

CVE-2021-30187

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command...

5.3 CVSS | 0.00268 EPSS
Exploits: 0 | References: 2
Prion
added 2021/05/25 12:15 p.m. | 12 views

Command injection

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command...

4.6 CVSS | 5.3 AI score | 0.00268 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/05/25 11:47 a.m. | 45 views

CVE-2021-30187

Summary: CVE-2021-30187 affects the CODESYS V2 Runtime System SPs prior to 2.4.7.55, enabling an OS command injection via the SysFile library. Affected product/component: CODESYS Control/Runtime Toolkit 32‑bit full SP before 2.4.7.55 (CODESYS V2 Runtime System). Root cause: Improper neutralizatio...

5.3 CVSS | 6.3 AI score | 0.00268 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/05/25 11:47 a.m. | 36 views

CVE-2021-30187

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command...

5.6 AI score | 0.00268 EPSS
Exploits: 0 | References: 2
Veracode
added 2021/05/25 4:14 a.m. | 12 views

OS Command Injection

@ronomon/opened is vulnerable to OS command injection. A remote attacker can execute commands on the system because an untrusted input is not filtered and used as part of a string executed as a command by child_process.exec...

9.8 CVSS | 4.2 AI score | 0.04508 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2021/05/24 10:18 p.m. | 18 views

apiconnect-cli-plugins vulnerable to OS Command Injection

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. PoC (js): `var root = require("apiconnect-cli-plugins"); var payload = "& touch Song &"; root.pluginLoader.installPlugin(payload, "");` The injection point is...

9.8 CVSS | 7.7 AI score | 0.04358 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2021/05/24 10:18 p.m. | 10 views

GHSA-C9M9-48PW-6MPV apiconnect-cli-plugins vulnerable to OS Command Injection

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. PoC (js): `var root = require("apiconnect-cli-plugins"); var payload = "& touch Song &"; root.pluginLoader.installPlugin(payload, "");` The injection point is...

9.8 CVSS | 9.9 AI score | 0.04358 EPSS
Exploits: 1 | References: 4