Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-83893
Core Security Technologies Advisory - AirLive MD-3025, BU-3026, BU-2015, WL-2000CAM, and POE-200CAM are IP cameras designed for professional surveillance and security applications. The built-in IR LEDs provide high quality nighttime monitoring. These AirLive devices are vulnerabl...
9.8
CVSSv3
CVE-2014-8389
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17...
Airlive Bu-3026 Firmware 1.43 21.08.2014
Airlive Md-3025 Firmware 1.81 21.08.2014
Airlive Wl-2000cam Firmware Lm.1.6.18 14.10.2011
Airlive Poe-200cam V2 Firmware Lm.1.6.17.01
Airlive Bu-2015 Firmware 1.03.18 16.06.2014
7.8
CVSSv3
CVE-2022-45639
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows malicious users to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the ...
Sleuthkit The Sleuth Kit 4.11.1
9.8
CVSSv3
CVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
Pdfkit Project Pdfkit
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9 Github repositories
8.8
CVSSv3
CVE-2019-16663
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
3 Github repositories
7.8
CVSSv3
CVE-2024-23749
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an malicious user to a...
9bis Kitty
8.8
CVSSv3
CVE-2023-0830
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be us...
Easynas Easynas 1.1.0
1 Github repository
6.7
CVSSv3
CVE-2018-0477
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local malicious user to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes c...
Cisco Ios Xe 16.7\\(1\\)
Cisco Ios Xe 16.7.1
Cisco Ios Xe 15.3\\(3\\)s3.16
6.7
CVSSv3
CVE-2018-0481
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local malicious user to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes c...
Cisco Ios Xe 15.3\\(3\\)s3.16
Cisco Ios Xe 16.7.1
Cisco Ios Xe 16.7\\(1\\)
9.8
CVSSv3
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI up to and including 10.0.2 allows PHP code injection.
Glpi-project Glpi
12 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »