
15277 matches found

RedhatCVE
added 2025/05/22 11:2 p.m., 7 views

CVE-2022-33750

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands...

CVSS 9.8, AI score 7.8, EPSS 0.01569
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:47 p.m., 6 views

CVE-2022-29774

iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal...

CVSS 9.8, AI score 7.3, EPSS 0.05399
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:44 p.m., 4 views

CVE-2022-29077

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat...

CVSS 9.8, AI score 7.7, EPSS 0.02096
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:43 p.m., 6 views

CVE-2022-28888

Spryker Commerce OS 1.4.2 allows Remote Command Execution...

CVSS 9.8, AI score 7.1, EPSS 0.03628
Exploits: 5, References: 1

RedhatCVE
added 2025/05/22 10:42 p.m., 6 views

CVE-2022-28568

Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored...

CVSS 9.8, AI score 7.3, EPSS 0.03978
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:40 p.m., 7 views

CVE-2022-27488

A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2,...

CVSS 8.8, AI score 7.4, EPSS 0.00491
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:39 p.m., 7 views

CVE-2022-27947

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or ipv6lanlength parameter...

CVSS 9, AI score 7.7, EPSS 0.02821
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:38 p.m., 7 views

CVE-2022-27004

Totolink routers X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 9.8, AI score 8.6, EPSS 0.02932
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:32 p.m., 6 views

CVE-2022-25627

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...

CVSS 6.7, AI score 6.8, EPSS 0.00899
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:30 p.m., 7 views

CVE-2022-24262

The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root...

CVSS 8.8, AI score 7.9, EPSS 0.01797
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:27 p.m., 4 views

CVE-2022-30078

NETGEAR R6200V2 firmware versions through R6200v2-V1.0.3.1210.1.11 and R6300V2 firmware versions through R6300v2-V1.0.4.5210.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6fix.cgi ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, or...

CVSS 8.8, AI score 7.7, EPSS 0.01797
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:24 p.m., 8 views

CVE-2022-22425

"IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 223598."...

CVSS 9.8, AI score 7.3, EPSS 0.01089
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:22 p.m., 8 views

CVE-2022-1703

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack...

CVSS 9, AI score 6.8, EPSS 0.1111
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:8 p.m., 9 views

CVE-2022-23992

XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain a vulnerability due to insufficient input validation that could potentially allow remote attackers to execute arbitrary commands with elevated privileges...

CVSS 10, AI score 8.1, EPSS 0.02339
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:0 p.m., 7 views

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

CVSS 8.8, AI score 7.2, EPSS 0.04229
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:58 p.m., 9 views

CVE-2022-44877

login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter...

CVSS 9.8, AI score 7.9, EPSS 0.99989
Exploits: 12, References: 1

RedhatCVE
added 2025/05/22 9:58 p.m., 6 views

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required...

CVSS 8.8, AI score 7.3, EPSS 0.64354
Exploits: 5, References: 1

RedhatCVE
added 2025/05/22 9:58 p.m., 9 views

CVE-2022-44019

In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter...

CVSS 8.8, AI score 7.3, EPSS 0.02002
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 9:49 p.m., 9 views

CVE-2022-27373

Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function...

CVSS 8.8, AI score 7.8, EPSS 0.02691
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 9:36 p.m., 6 views

CVE-2021-25299

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session...

CVSS 6.1, AI score 6.6, EPSS 0.96861
Exploits: 3, References: 1