15277 matches found
CVE-2019-3989
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data...
CVE-2017-15376
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23...
CVE-2017-17733
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request...
CVE-2018-20674
D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A before v1.21B08Beta, DIR-850L B before v2.22B03Beta, and DIR-880L A before v1.20B02Beta devices allow authenticated remote command execution...
CVE-2019-17621
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network...
CVE-2019-3988
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's wifi configuration via the bssid parameter...
CVE-2015-1450
SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php...
CVE-2014-8661
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2017-14705
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...
CVE-2013-7392
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/...
CVE-2013-2512
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...
CVE-2012-5973
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request...
CVE-2013-4096
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOSTNAME field...
CVE-2014-5092
Status2k allows Remote Command Execution in admin/options/editpl.php...
CVE-2012-4981
Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability...
CVE-2010-2446
Rbot Reaction plugin allows command execution...
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2013-5697
SQL injection vulnerability in modaccounting.c in the modaccounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header...
CVE-2013-1111
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038...
CVE-2011-4047
The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access...