
1225 matches found

NVD
added 2020/01/06 8:15 p.m., 13 views

CVE-2019-19509

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...

9 CVSS, 8.8 AI score, 0.71635 EPSS
Exploits 13, References 6
Vulnrichment
added 2019/12/30 4:9 p.m., 7 views

CVE-2019-17621

The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network...

9.5 AI score, 0.89624 EPSS
Exploits 8, References 7
NVD
added 2019/12/23 6:15 p.m., 20 views

CVE-2019-6685

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution...

7.8 CVSS, 7.8 AI score, 0.00364 EPSS
Exploits 0, References 1
Prion
added 2019/12/13 9:15 p.m., 12 views

Design/Logic Flaw

The processCommandUploadLog function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...

10 CVSS, 9.7 AI score, 0.03645 EPSS
Exploits 1, References 1, Affected Software 2
Prion
added 2019/12/13 9:15 p.m., 14 views

Design/Logic Flaw

The processCommandSetMac function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user...

10 CVSS, 9.7 AI score, 0.03645 EPSS
Exploits 1, References 1, Affected Software 2
CVE
added 2019/12/12 10:11 p.m., 359 views

CVE-2018-11805

In Apache SpamAssassin, multiple CVEs (notably CVE-2018-11805 and CVE-2020-1930) describe a command-execution flaw in which crafted configuration files (.cf) can run system commands with the same privileges as the spamd process. The root cause is untrusted or crafted rule/config files enabling local ...

7.2 CVSS, 7.1 AI score, 0.00871 EPSS
Exploits 0, References 29, Affected Software 1
CNVD
added 2019/12/12 12:0 a.m., 5 views

Amazon Blink XT2 Sync Module OS Command Injection Vulnerability (CNVD-2020-09704)

Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...

8.8 CVSS, 7.7 AI score, 0.01664 EPSS
Exploits 1, References 1
Metasploit
added 2019/11/01 11:38 p.m., 26 views

FusionPBX Command exec.php Command Execution

This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...

1 AI score
Exploits 0
CVE
added 2019/10/28 11:53 a.m., 121 views

CVE-2019-16663

CVE-2019-16663 affects rConfig 3.9.2. An attacker can directly execute system commands by issuing a GET to search.crud.php, where the category command parameter (catCommand) is passed to exec without proper filtering, enabling command execution. The description specifies remote code execution via...

9 CVSS, 9.3 AI score, 0.84696 EPSS
Exploits 5, References 5, Affected Software 1
OSV
added 2019/10/24 3:15 p.m., 3 views

CVE-2019-13652

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5)...

9.8 CVSS, 7.3 AI score, 0.02812 EPSS
Exploits 1, References 1
Prion
added 2019/10/18 5:15 p.m., 18 views

Code injection

DISPUTED An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an...

10 CVSS, 9.9 AI score, 0.02999 EPSS
Exploits 1, References 3
CVE
added 2019/10/17 1:28 p.m., 55 views

CVE-2019-14423

CVE-2019-14423 affects the CUx-Daemon addon (version 1.11a) used by eQ-3 Homematic CCU-Firmware, impacting firmware 2.35.16 up to 2.45.6. The issue enables remote authenticated attackers to execute system commands as root over a simple HTTP request due to the described RCE vulnerability. Source d...

9 CVSS, 8.7 AI score, 0.19899 EPSS
Exploits 1, References 2, Affected Software 1
Exploit DB
added 2019/10/03 12:0 a.m., 277 views

PHP 7.0 < 7.3 (Unix) - 'gc' disable_functions Bypass


7.4 AI score
Exploits 0
CVE
added 2019/09/05 8:46 p.m., 144 views

CVE-2019-15029

CVE-2019-15029 affects FusionPBX 4.4.8. An attacker can execute arbitrary system commands by submitting a malicious command to the service_edit.php file (command stored in the database). Trigger relies on calling services.php via a GET request with the service id and a=start to execute the stored...

9 CVSS, 8.9 AI score, 0.12318 EPSS
Exploits 2, References 3, Affected Software 1
OSV
added 2019/08/21 7:15 p.m., 4 views

CVE-2019-1984

A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input...

6.5 CVSS, 6.8 AI score, 0.0157 EPSS
Exploits 0, References 1
CVE
added 2019/08/21 6:30 p.m., 42 views

CVE-2019-1984

Cisco NFVIS contains an input validation error in the NFVIS file-system command that, when exploited by an authenticated administrator, can overwrite arbitrary files on the underlying OS. The vulnerability affects Cisco NFVIS versions prior to 3.12.1 (as reported by CNVD) and is addressed by soft...

6.5 CVSS, 6.5 AI score, 0.0157 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/07/04 10:9 p.m., 22 views

CVE-2019-13294

AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...

9.8 AI score, 0.18753 EPSS
Exploits 1, References 2
0day.today
added 2019/07/02 12:0 a.m., 150 views

Linux Mint 18.3-19.1 - yelp Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit from github repro: https://github.com/b1ack0wl/linuxmintpoc class MetasploitModule "Linux Mint 'yelp' URI handler command injection vulnerability", 'Description'...

0.1 AI score
Exploits 0
OSV
added 2019/07/01 7:15 p.m., 3 views

CVE-2019-7670

Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system...

7.2 CVSS, 7.2 AI score, 0.18306 EPSS
Exploits 5, References 4
CNVD
added 2019/06/10 12:0 a.m., 5 views

Extract add-on for Nextcloud OS Command Injection Vulnerability

Extract add-on for Nextcloud is a set of component applications for Nextcloud. An input validation vulnerability exists in Extract add-on for Nextcloud lib/Controller/ExtractionController.php, which allows remote attackers to submit a special request that can be used to execute arbitrary OS comman...

9 CVSS, 7.7 AI score, 0.02555 EPSS
Exploits 1, References 1