CVE-2010-0332

SQL injection vulnerability in the TV21 Talkshow tv21talkshow extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2012-1603

Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the 1 curstr parameter in the findUsers function, 2 id parameter in the isIdAvailable function, or 3 username parameter in the getGreetings function...

CVE-2012-2325

SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel ACP in MyBB aka MyBulletinBoard before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors...

CVE-2012-4011

The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site...

CVE-2016-20010

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5...

CVE-2013-3506

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes SSI functionality...

CVE-2013-5694

SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the serviceselection parameter...

CVE-2013-6830

admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation...

CVE-2013-2097

ZPanel through 10.1.0 has Remote Command Execution...

CVE-2019-3986

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter...

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...

CVE-2019-6579

A vulnerability has been identified in Spectrum Power 4 with Web Office Portal. An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker wi...

CVE-2019-13561

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the onlinefirmwarecheck.cgi checkfwurl parameter...

CVE-2019-17364

The processCommandUploadLog function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...

CVE-2019-17642

An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin...

CVE-2011-3626

Double free vulnerability in the prepareexec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file...

CVE-2011-5274

The drawAdminToolsPackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control DTC before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkgdirectory parameter in a doinstall action to dtc/...

CVE-2011-5102

The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gatew...

CVE-2019-9945

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

CVE-2019-8387

MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component...