Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can...
Apache Spark
1 Metasploit module
18 Github repositories
NA
CVE-2015-6298
The admin web interface in Cisco AsyncOS 8.x prior to 8.0.8-113, 8.1.x and 8.5.x prior to 8.5.3-051, 8.6.x and 8.7.x prior to 8.7.0-171-LD, and 8.8.x prior to 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted...
Cisco Web Security Appliance 8.5.0-497
NA
CVE-2010-4278
operation/agentes/networkmap.php in Pandora FMS prior to 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.
Artica Pandora Fms 3.1
Artica Pandora Fms 3.0
Artica Pandora Fms 2.0
Artica Pandora Fms 2.1.1
Artica Pandora Fms 1.3.1
Artica Pandora Fms 1.3
Artica Pandora Fms 2.1
Artica Pandora Fms 1.2
Artica Pandora Fms
1 EDB exploit
NA
CVE-2010-4566
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and previous versions, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows malicious users to ...
Citrix Access Gateway 9.1-104.5
Citrix Access Gateway 8.1-69.4
Citrix Access Gateway 9.0.71.3
Citrix Access Gateway 8.0
Citrix Access Gateway
Citrix Access Gateway .8.0
Citrix Access Gateway 4.5.5
Citrix Access Gateway 4.5.6
Citrix Access Gateway 4.6.2
Citrix Access Gateway 4.6.3
Citrix Access Gateway 4.5.7
Citrix Access Gateway 4.5
Citrix Access Gateway 4.6.1
2 EDB exploits
NA
CVE-2015-1497
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote malicious users to execute arbitrary commands via a crafted request to TCP port 3465.
Persistent Systems Radia Client Automation 7.9
Persistent Systems Radia Client Automation 8.1
Persistent Systems Radia Client Automation 9.0
Persistent Systems Radia Client Automation 9.1
3 EDB exploits
NA
CVE-2015-5082
Endian Firewall prior to 3.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
Endian Firewall Endian Firewall
3 EDB exploits
NA
CVE-2010-4297
The VMware Tools update functionality in VMware Workstation 6.5.x prior to 6.5.5 build 328052 and 7.x prior to 7.1.2 build 301548; VMware Player 2.5.x prior to 2.5.5 build 328052 and 3.1.x prior to 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x prior to 2.0.8 build 32...
Vmware Workstation 6.5.0
Vmware Workstation 7.1.2
Vmware Workstation 6.5.5
Vmware Workstation 7.1
Vmware Workstation 7.0.1
Vmware Workstation 6.5.3
Vmware Workstation 6.5.2
Vmware Workstation 6.5.1
Vmware Workstation 7.0
Vmware Workstation 7.1.1
Vmware Player 3.1
Vmware Player 2.5.5
Vmware Player 2.5.3
Vmware Player 2.5
Vmware Player 2.5.4
Vmware Player 3.1.1
Vmware Player 3.1.2
Vmware Player 2.5.1
Vmware Player 2.5.2
Vmware Fusion 2.0.6
Vmware Fusion 2.0
Vmware Fusion 2.0.1
1 EDB exploit
NA
CVE-2022-20655
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker coul...
8.8
CVSSv3
CVE-2017-15049
The ZoomLauncher binary in the Zoom client for Linux prior to 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote malicious users to execute arbitrary code by leveraging the zoommtg:// scheme handler.
Zoom Zoom
1 EDB exploit
8.8
CVSSv3
CVE-2017-7981
Tuleap prior to 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki prior to 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap ...
Enalean Tuleap
Phpwiki Project Phpwiki 1.3.10
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »