Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-25826
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vu...
Opentsdb Opentsdb
1 Metasploit module
1 Github repository
9.8
CVSSv3
CVE-2015-2279
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote malicious users to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, ...
Airlive Bu-2015 Firmware 1.03.18
Airlive Bu-3026 Firmware 1.43
Airlive Md-3025 Firmware 1.81
1 EDB exploit
NA
CVE-2013-1177
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager prior to 4.8.3.1 and 4.9.x prior to 4.9.2 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.
Cisco Network Admission Control Manager And Server System Software 4.8.1
Cisco Network Admission Control Manager And Server System Software 4.9.1
Cisco Network Admission Control Manager And Server System Software 4.9.0
Cisco Network Admission Control Manager And Server System Software
Cisco Network Admission Control Manager And Server System Software 4.8.2
Cisco Network Admission Control Manager And Server System Software 4.8.0
7.8
CVSSv3
CVE-2021-1448
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This ...
Cisco Firepower Threat Defense
NA
CVE-2015-6298
The admin web interface in Cisco AsyncOS 8.x prior to 8.0.8-113, 8.1.x and 8.5.x prior to 8.5.3-051, 8.6.x and 8.7.x prior to 8.7.0-171-LD, and 8.8.x prior to 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted...
Cisco Web Security Appliance 8.5.0-497
10
CVSSv3
CVE-2016-10043
An issue exists in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi exists to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the applicatio...
Mrf Web Panel 9.0.1
1 EDB exploit
9.8
CVSSv3
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows malicious users to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Chamilo Chamilo
1 Metasploit module
8 Github repositories
9.8
CVSSv3
CVE-2021-46422
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote malicious user to execute OS commands without any authentication.
Telesquare Sdt-cs3b1 Firmware 1.1.0
14 Github repositories
NA
CVE-2014-4688
pfSense prior to 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
Netgate Pfsense
1 EDB exploit
1 Github repository
NA
CVE-2014-3418
config/userAdmin/login.tdf in Infoblox NetMRI prior to 6.8.5 allows remote malicious users to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
Infoblox Netmri 6.1.2
Infoblox Netmri 6.0.2.42
Infoblox Netmri 6.8.2.11
Infoblox Netmri
Infoblox Netmri 6.2.1.48
Infoblox Netmri 6.2.1
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »