CVE-2020-5179

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password fo...

CVE-2020-5739

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defin...

CVE-2020-11698

An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server...

CVE-2020-8087

SMC Networks D3G0804W D3GNV5M-3.5.1.6.10GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the...

CVE-2020-8947

functionsnetflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nfliveview ipdst, dstport, or srcport parameter, a different vulnerability than CVE-2019-20224...

CVE-2020-27600

HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter...

CVE-2020-9377

D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2020-20951

In Pluck-4.7.10-dev2 admin background, a remote command execution vulnerability exists when uploading files...

CVE-2020-22425

Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution...

CVE-2020-8010

CA Unified Infrastructure Management Nimsoft/UIM 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

CVE-2020-5738

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/uploadvpntar interface...

CVE-2020-5561

Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors...

CVE-2020-5556

Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors...

CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

CVE-2020-26582

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping aka resconfigaction=3configid=18...

CVE-2020-5624

SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2020-14425

Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog...

CVE-2020-13887

documentsadd.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder...

CVE-2020-23691

YFCMF v2.3.1 has a Remote Command Execution RCE vulnerability in the index.php...

CVE-2020-11490

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi certissuer, certdivision, certorganization, certlocality, certstate, certcountry, or certemail parameter...