CVE-2020-14324
CVE-2020-14324 affects Red Hat CloudForms (cfme) and is described as an Out-of-band OS Command Injection via the conversion host during Infrastructure Migration. Impact: authenticated attacker can execute arbitrary commands on the CloudForms server. Affected software includes CloudForms before 5....
CVE-2020-13376
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...
CVE-2020-17352
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code...
Command injection
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...
CVE-2020-13376
CVE-2020-13376 affects SecurEnvoy SecurMail 9.3.503. A vulnerability in the SecurEnvoyReply cookie allows an attacker to upload executable files and achieve OS command execution. The issue is described as a file-upload/command-injection vector enabling remote code execution; CVSS metrics in sourc...
OS Command Injection
cfme is vulnerable to OS command injection. An attacker is able to perform an out-of-band OS Command Injection through the conversion host...
OS Command Injection
webkit2gtk is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS command via the Web Inspector...
CVE-2020-7361
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...
Command injection
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...
CVE-2020-7361 ZenTao Pro Command Injection
The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...
CVE-2020-7361
CVE-2020-7361 affects EasyCorp ZenTao Pro (8.8.2 and earlier). A command-injection vulnerability exists in the vulnerable "/pro/repo-create.html" endpoint, where an authenticated user can send arbitrary OS commands through the POST parameter “path.” Executed commands run in the Windows SYSTEM con...
CVE-2020-7357
CVE-2020-7357 relates to Cayin CMS where an authenticated OS semi-blind command injection is possible via the NTP_Server_IP/NTP IP parameter in system.cgi. The issue requires authentication (default credentials) and can allow execution of arbitrary shell commands as root. Affected are multiple Ca...
Exploit for OS Command Injection in Yaws
OS command injection in Yaws web server CVE-2020-24916 P...
RHEL 8 : CloudForms 5.0.7 update (Critical) (RHSA-2020:3358)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3358 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
Exploit for OS Command Injection in Pi-Hole
CVE-2020-8816 Pi-hole Remote Code Execution authenticated...
OS Command Injection
git-tags-remote is vulnerable to OS command injection. The vulnerability exists as it does not sanitize the value of repo in index.js, whose value is subsequently passed to an exec call...
Command injection
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message...
CVE-2020-5760
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message...
CVE-2020-5760
The CVE-2020-5760 entry applies to Grandstream HT800 series firmware