15280 matches found

RedhatCVE
added 2025/05/23 2:3 a.m. | 8 views

CVE-2023-33374

Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote...

CVSS 9.8 | AI score 7.6 | EPSS 0.01323 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:3 a.m. | 8 views

CVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...

CVSS 8.8 | AI score 7.5 | EPSS 0.01014 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:2 a.m. | 10 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

CVSS 9.8 | AI score 7 | EPSS 0.00932 | Exploits 1 | References 1

RedhatCVE
added 2025/05/23 2:2 a.m. | 8 views

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

CVSS 8.8 | AI score 7.6 | EPSS 0.0122 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 2:1 a.m. | 8 views

CVE-2023-33676

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view=" which can be escalated to the remote command execution...

CVSS 8.4 | AI score 8.4 | EPSS 0.00672 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:53 a.m. | 4 views

CVE-2023-46415

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub41E588 function...

CVSS 9.8 | AI score 7.7 | EPSS 0.01852 | Exploits 1 | References 1

RedhatCVE
added 2025/05/23 1:50 a.m. | 5 views

CVE-2023-23356

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

CVSS 7.2 | AI score 8.1 | EPSS 0.00697 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:47 a.m. | 7 views

CVE-2023-20219

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...

CVSS 8.8 | AI score 7.8 | EPSS 0.00892 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:16 a.m. | 7 views

CVE-2022-29516

The web console of FUJITSU Network IPCOM series IPCOM EX2 IN3200, 3500, IPCOM EX2 LB1100, 3200, 3500, IPCOM EX2 SC1100, 3200, 3500, IPCOM EX2 NW1100, 3200, 3500, IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN2300, 2500, 2700, IPCOM EX LB1100, 1300, 2300, 2500, 2700, IPCOM EX SC1100, 1300, 2300, 2500,...

CVSS 10 | AI score 7.6 | EPSS 0.0195 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:8 a.m. | 6 views

CVE-2022-24553

An issue was found in Zfaka = 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution...

CVSS 9.8 | AI score 7.2 | EPSS 0.0252 | Exploits 1 | References 1

RedhatCVE
added 2025/05/23 1:6 a.m. | 9 views

CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings...

CVSS 7.2 | AI score 7.7 | EPSS 0.02047 | Exploits 1 | References 1

RedhatCVE
added 2025/05/23 1:5 a.m. | 13 views

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

CVSS 7.1 | AI score 7.5 | EPSS 0.70419 | Exploits 4 | References 1

RedhatCVE
added 2025/05/23 1:4 a.m. | 6 views

CVE-2022-37780

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function...

CVSS 7.2 | AI score 7.8 | EPSS 0.01732 | Exploits 1

RedhatCVE
added 2025/05/23 1:2 a.m. | 9 views

CVE-2022-37880

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

CVSS 7.2 | AI score 7.8 | EPSS 0.01306 | Exploits 0

RedhatCVE
added 2025/05/23 1:2 a.m. | 10 views

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

CVSS 9.8 | AI score 7.9 | EPSS 0.86446 | Exploits 14 | References 1

RedhatCVE
added 2025/05/23 12:58 a.m. | 7 views

CVE-2022-46552

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...

CVSS 8.8 | AI score 7.5 | EPSS 0.10503 | Exploits 4 | References 1

RedhatCVE
added 2025/05/23 12:57 a.m. | 4 views

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a time-of-check time-of-use (TOCTOU) race condition (CWE-367) vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVSS 8.1 | AI score 7.5 | EPSS 0.00701 | Exploits 0 | References 1

RedhatCVE
added 2025/05/23 12:6 a.m. | 7 views

CVE-2022-25441

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function...

CVSS 10 | AI score 7.7 | EPSS 0.04636 | Exploits 1 | References 1

RedhatCVE
added 2025/05/23 12:6 a.m. | 7 views

CVE-2022-25438

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function...

CVSS 10 | AI score 7.7 | EPSS 0.04636 | Exploits 1 | References 1

RedhatCVE
added 2025/05/23 12:6 a.m. | 11 views

CVE-2022-25390

DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php...

CVSS 10 | AI score 7.8 | EPSS 0.0307 | Exploits 0 | References 1