CVE-2022-37778

Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution RCE vulnerability via the currenttime parameter of the time function...

CVE-2022-37882

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

CVE-2022-26265

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution RCE vulnerability via the component phpcli parameter...

CVE-2022-26258

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution RCE vulnerability via HTTP POST to get set ccp...

CVE-2022-35733

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS...

CVE-2022-35201

Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution RCE vulnerability...

CVE-2019-18655

File Sharing Wizard version 1.5.0 build 2008 is affected by a Structured Exception Handler based buffer overflow vulnerability. An unauthenticated attacker is able to perform remote command execution and obtain a command shell by sending a HTTP GET request including the malicious payload in the...

CVE-2019-18894

In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently...

CVE-2019-18184

Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function...

CVE-2019-11535

Unsanitized user input in the web interface for Linksys WiFi extender products RE6400 and RE6300 through 1.2.04.022 allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI...

CVE-2019-11646

Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure ...

CVE-2019-20215

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because HTTPST is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an attacker t...

CVE-2020-7116

The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system...

CVE-2020-7594

MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function...

CVE-2020-7115

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF...

CVE-2020-7980

Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed...

CVE-2020-10374

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form...

CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...

CVE-2020-10216

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a systemtime.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected...

CVE-2020-10818

Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field...