CVE-2023-27874

IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845...

CVE-2023-51984

D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function. allows remote attackers to execute arbitrary commands via shell...

CVE-2023-51707

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected...

CVE-2023-37428

A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading t...

CVE-2023-37424

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerabilit...

CVE-2023-35899

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...

CVE-2023-46416

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub The 41A414 function...

CVE-2023-46947

Subrion 4.2.1 has a remote command execution vulnerability in the backend...

CVE-2023-43270

dst-admin v1.5.0 was discovered to contain a remote command execution RCE vulnerability via the userId parameter at /home/playerOperate...

CVE-2023-41748

Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager Windows before build 6.2.23089.203...

CVE-2023-47709

IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524...

CVE-2023-39416

Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands...

CVE-2023-38942

Dango-Translator v4.5.5 was discovered to contain a remote command execution RCE vulnerability via the component app/config/cloudconfig.json...

CVE-2023-38943

ShuiZe0x727 v1.0 was discovered to contain a remote command execution RCE vulnerability via the component /iniFile/config.ini...

CVE-2023-38941

django-sspanel v2022.2.2 was discovered to contain a remote command execution RCE vulnerability via the component sspanel/adminview.py - GoodsCreateView.post...

CVE-2023-38303

An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting XSS attack to achieve Remote Command Execution RCE through the Users and Group's real name parameter...

CVE-2023-4724

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the wpquery parameter which allows an attacker to run arbitrary command on the remote server...

CVE-2023-37656

WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...

CVE-2023-37659

xalpha v0.11.4 is vulnerable to Remote Command Execution RCE...

CVE-2023-37407

IBM Aspera Orchestrator 4.0.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 260116...