Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
Western Digital Mycloud Nas 2.11.142
1 Metasploit module
8.5
CVSSv2
CVE-2020-14293
conf_datetime in Secudos DOMOS 5.8 allows remote malicious users to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
Secudos Domos
1 Github repository
9
CVSSv2
CVE-2017-7981
Tuleap prior to 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki prior to 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap ...
Enalean Tuleap
Phpwiki Project Phpwiki 1.3.10
1 EDB exploit
9
CVSSv2
CVE-2018-7567
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 up to and including 5.0.24 and 6.0.0 up to and including 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall ...
Otrs Otrs 6.0.0
Otrs Otrs 6.0.1
Otrs Otrs
7.5
CVSSv2
CVE-2012-5520
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x prior to 3.0.4 allows remote malicious users to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
Openvas Openvas Manager 3.0
Openvas Openvas Manager 3.0.0
Openvas Openvas Manager 3.0.1
Openvas Openvas Manager 3.0.2
Openvas Openvas Manager 3.0.3
10
CVSSv2
CVE-2014-3829
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variabl...
Merethis Centreon 2.5.1
Merethis Centreon Enterprise Server 2.2
1 EDB exploit
NA
CVE-2020-249161
Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.
9
CVSSv2
CVE-2018-19908
An issue exists in MISP 2.4.9x prior to 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the ori...
Misp Misp
9.3
CVSSv2
CVE-2009-2261
PeaZIP 2.6.1, 2.5.1, and previous versions on Windows allows user-assisted remote malicious users to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
Giorgio Tani Peazip
Giorgio Tani Peazip 2.4.1
Giorgio Tani Peazip 1.10
Giorgio Tani Peazip 1.9.3
Giorgio Tani Peazip 1.6
Giorgio Tani Peazip 1.5
Giorgio Tani Peazip 2.2
Giorgio Tani Peazip 2.1
Giorgio Tani Peazip 1.8.2
Giorgio Tani Peazip 1.8.1
Giorgio Tani Peazip 1.2
Giorgio Tani Peazip 1.1
Giorgio Tani Peazip 2.4
Giorgio Tani Peazip 2.3a
Giorgio Tani Peazip 1.9.2
Giorgio Tani Peazip 1.9.1
Giorgio Tani Peazip 1.9
Giorgio Tani Peazip 1.4
Giorgio Tani Peazip 1.3
Giorgio Tani Peazip 2.6.1
Giorgio Tani Peazip 2.0
Giorgio Tani Peazip 1.11
2 EDB exploits
10
CVSSv2
CVE-2017-6316
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote malicious users to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
Citrix Netscaler Sd-wan
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »