4305 matches found
D-Link NAS nas_sharing.cgi command injection
Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage NAS devices allow different clients to connect to a centralized disk on a Local Area Network LAN. Problem A backdoor and a command injection vulnerability in the nassharing.cgi script allow a remote attacker to execut...
JetBrains TeamCity authentication bypass
Added: 10/03/2023 Background JetBrains TeamCity is a continuous integration tool for DevOps teams. Problem An authentication bypass vulnerability in JetBrains TeamCity could allow remote attackers to execute arbitrary commands. Resolution Upgrade to TeamCity 2023.05.4 or higher. References...
Windows SMBv1 Transaction race condition
Added: 03/15/2018 CVE: CVE-2017-0146 BID: 96707 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions. Problem A race condition when...
FileCatalyst Workflow ftpservlet file upload
Added: 04/08/2024 Background FileCatalyst Workflow is a managed file transfer product. Problem The ftpservlet component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads...
Netgear R7000 Router remote command execution
Added: 07/01/2020 Background Netgear R7000 is a line of wireless routers. Problem A vulnerability in the web interface could allow unauthenticated attackers to execute arbitrary commands on the device. Resolution Disable access to the web interface from the public network. References...
Microsoft Word and WordPad RTF HTA handler command execution
Added: 04/20/2017 CVE: CVE-2017-0199 BID: 97498 Background Rich Text Format RTF is a text file format supported by various Microsoft products and word processors. RTF supports text styling, images, and embedded objects. Problem A vulnerability in Microsoft Word and WordPad could allow command...
Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow
Added: 04/10/2009 CVE: CVE-2008-5457 BID: 33177 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...
Ruby on Rails local names command execution
Added: 07/29/2020 CVE: CVE-2020-8163 Background Ruby on Rails is a web application framework written in Ruby. Problem Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands...
SAP Crystal Reports PrintControl.dll ServerResourceVersion buffer overflow
Added: 12/22/2010 CVE: CVE-2010-2590 BID: 45387 OSVDB: 69917 Background SAP Crystal Reports allows developers to design interactive reports from virtually any data source. Problem A buffer overflow vulnerability in the PrintControl.dll ActiveX control allows command execution when a user loads a...
Apache Struts forced OGNL evaluation incomplete fix
Added: 04/26/2022 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...
phpMyAdmin preg_replace from_prefix sanitization vulnerability
Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...
React Native Community CLI remote command execution
Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...
MediaTek wappd buffer overflow
Added: 09/30/2024 Background MediaTek Wi-Fi chipsets and SoftAP driver bundles include wappd , a network daemon responsible for configuring and managing wireless interfaces and access points. Problem A buffer overflow in wappd could allow remote code execution on a large variety of devices...
pfSense pfBlockerNG Host header command injection
Added: 12/23/2022 Background pfSense is an open-source network firewall based on the FreeBSD operating system. pfSense is the software which powers Netgate Security Gateway Appliances. pfBlockerNG is a pfSense package which allows creation of firewall rules on the appliance. Problem A vulnerabili...
VMware vCenter Server local privilege elevation
Added: 12/12/2022 Background VMware vCenter Server is server management software for controlling VMware vSphere environments. Problem Improper permissions on the java-wrapper-vmon file allow authenticated, unprivileged attackers to gain root privileges. Resolution Upgrade to vCenter Server 7.0 U2...
HP Data Protector Manager MMD Service Stack Buffer Overflow
Added: 12/10/2010 BID: 45128 Background HP Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The Cell Manager is the central point from which backup agents and devic...
Citadel SMTP server RCPT TO buffer overflow
Added: 05/12/2008 CVE: CVE-2008-0394 BID: 27376 OSVDB: 40516 Background Citadel is an open-source e-mail and collaboration server. Problem A buffer overflow vulnerability in the makeuserkey function allows remote attackers to execute arbitrary commands by sending a long, specially crafted RCPT TO...
Windows Shell LNK file CONTROL item command execution
Added: 07/22/2010 CVE: CVE-2010-2568 BID: 41732 OSVDB: 66387 Background Microsoft Windows supports LNK files, also known as shortcuts, which are references to other files. Shortcuts can be placed in a location which is convenient for users such as the Desktop or Start menu, from which they can be...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background modrewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in modrewrite allows command execution when the escapeabsoluteuri function attempts to...
Atlassian Confluence Data Center and Server broken access control
Added: 11/02/2023 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution. Resolution...
ShellShock DHCP Server
Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...
Schneider Electric StruxureWare Building Operation Automation Server msh bypass
Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...
vBulletin remote command execution via the widgetConfig[code] parameter
Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...
F5 BIG-IP iControl REST vulnerability
Added: 05/13/2022 CVE: CVE-2022-1388 Background F5 BIG-IP is a suite of network security products. Problem An authentication bypass vulnerability in the iControl REST service allows remote attackers to execute arbitrary commands. Resolution Upgrade to one of the fixed versions referenced in...
Bash environment variable command injection in Cisco UCS Manager
Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...
IIS Unicode Directory Traversal
Added: 07/03/2006 CVE: CVE-2000-0884 BID: 1806 OSVDB: 436 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by encoding invalid characters in Unicode. For example, a slash character is represented as %c0%a...
FortiWLM progressfile command injection
Added: 03/18/2024 Background Fortinet Wireless Manager FortiWLM allows you to manage wireless networks on FortiGates. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted...
Zyxel Firewall SetWanPortSt command injection
Added: 05/20/2022 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem Zyxel USG FLEX, ATP series, and VPN series firewalls are affected by a vulnerability in the SetWanPortSt command which could allow an attacker to inject arbitrar...
Joomla Object Injection
Added: 10/24/2019 Background Joomla is a content management system written in PHP. Problem An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution Upgra...
Red Hat DHCP client NetworkManager integration script command injection
Added: 05/18/2018 CVE: CVE-2018-1111 BID: 104195 Background The DHCP client on Red Hat Enterprise Linux includes a script which provides integration with the NetworkManager subsystem. Problem A command injection vulnerability in the NetworkManager integration script could allow arbitrary command...
Edimax IP Camera NTP_serverName command injection
Added: 03/21/2025 CVE: CVE-2025-1316 Background Edimax IP Cameras are a product line of security cameras which send video footage over an IP network. Problem A command injection vulnerability in the NTPserverName POST parameter of an update request allows remote attackers to execute arbitrary...
Rejetto HTTP File Server template injection
Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...
Unraid webGui remote code execution
Added: 04/30/2020 CVE: CVE-2020-5847 Background Unraid is a network-attached storage operating system. It runs a web-based graphical user interface webGui written in PHP. Problem The Unraid webGui uses the PHP extract function to load all GET parameters into the application as variables, allowing...
Swift Mailer PwnScriptum Command Injection
Added: 01/17/2017 BID: 95140 Background Swift Mailer is a component-based library used for sending email from PHP. It is used by many PHP programming frameworks, e.g., Yii2, Laraval, and Symfony. Problem Swift Mailer library mail transport SwiftTransportMailTransport is vulnerable to command...
MITRE Caldera dynamic compilation command injection
Added: 02/28/2025 Background MITRE Caldera is a security platform for emulating adversaries. Problem The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution Upgrade to Caldera 5.1.0 or...
Apache HTTP Server path traversal
Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...
Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery
Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...
Oracle WebLogic Apache Commons library deserialization vulnerability
Added: 11/20/2015 CVE: CVE-2015-4852 BID: 77539 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Apache Commons is a widely used Java library which is included in WebLogic Server. Problem A vulnerability in the Apache Commons library used by Oracl...
Ivanti Cloud Services Appliance exec cookie command injection
Added: 03/26/2024 Background Ivanti Cloud Services Appliance CSA is an appliance that connects the console and managed devices over the Internet. Problem Cloud Services Appliance 4.5 and 4.6 are affected by a vulnerability which could allow a remote unauthenticated attacker to inject arbitrary...
Ivanti EPMM remote code execution
Added: 02/02/2026 CVE: CVE-2026-1281 Background Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management UEM tool. Problem A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sendi...
Atlassian Confluence Server OGNL Remote Code Execution
Added: 09/20/2021 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...
ShellShock DHCP Server
Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...
Splunk Search Jobs Remote Code Execution
Added: 01/13/2012 CVE: CVE-2011-4642 BID: 51061 OSVDB: 77695 Background Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud. Problem Splunk allows users to perform search actions...
op5 Monitor Nacoma command execution
Added: 07/01/2016 Background op5 Monitor is an open-source monitoring solution written in PHP. Problem The commandtest.php script in the Nacoma component of op5 Monitor can be used to execute arbitrary operating system commands. Resolution Upgrade to op5 Monitor 7.2.0 or higher. References...
Samsung iPOLiS Device Manager ReadConfigValue vulnerability
Added: 04/27/2015 CVE: CVE-2015-0555 OSVDB: 118668 Background Samsung iPOLiS Device Manager is software for managing network devices. It comes with an ActiveX control called XnsSdkDeviceIpInstaller.ocx. Problem A buffer overflow vulnerability in the ReadConfigValue and WriteConfigValue methods in...
FortiNAC keyUpload.jsp command execution
Added: 02/24/2023 Background FortiNAC is a network access control solution. Problem A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. Resolution Upgrade to FortiNAC 7.2.0, 9.1.8,...
Ruby on Rails local names command execution
Added: 07/29/2020 CVE: CVE-2020-8163 Background Ruby on Rails is a web application framework written in Ruby. Problem Rails applications that allow users to control the names of local variable are affected by a vulnerability that could allow a remote attacker to execute arbitrary commands...
Windows SMB PsImpersonateClient null token vulnerability
Added: 07/13/2017 CVE: CVE-2017-0144 BID: 96704 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. Problem A remote attacker can execute arbitrary commands with SYSTEM privileges by overwriting the token to a null value and forci...
Netop Remote Control DWS File Stack Buffer Overflow
Added: 05/11/2012 BID: 47631 OSVDB: 72291 Background NetOp Remote Control provides secure remote control and support for workstations, servers, embedded systems, and mobile devices. Problem NetOp Remote Control is vulnerable to stack buffer overflow as a result of failing to properly sanitize...
Microsoft Office ClickOnce Unsafe Execution
Added: 01/16/2012 CVE: CVE-2012-0013 BID: 51284 OSVDB: 78207 Background ClickOnce is a deployment technology that allows developers to create self-updating Windows-based applications that can be installed and run with minimal user interaction. A ClickOnce application is any Windows Presentation...