Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a...
Cacti Cacti
1 Metasploit module
42 Github repositories
8.1
CVSSv3
CVE-2016-4338
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix prior to 2.0.18, 2.2.x prior to 2.2.13, and 3.0.x prior to 3.0.3, when used with a shell other than bash, allows context-dependent malicious users to execute arbitrary code or SQL comm...
Zabbix Zabbix 2.0.14
Zabbix Zabbix 2.0.13
Zabbix Zabbix 2.0.6
Zabbix Zabbix 2.0.5
Zabbix Zabbix 2.2.10
Zabbix Zabbix 2.2.9
Zabbix Zabbix 2.0.12
Zabbix Zabbix 2.0.11
Zabbix Zabbix 2.0.4
Zabbix Zabbix 2.0.3
Zabbix Zabbix 2.0.2
Zabbix Zabbix 2.2.8
Zabbix Zabbix 2.2.7
Zabbix Zabbix 2.2.0
Zabbix Zabbix 3.0.2
Zabbix Zabbix 2.2.2
Zabbix Zabbix 2.2.1
Zabbix Zabbix 2.0.17
Zabbix Zabbix 2.0.10
Zabbix Zabbix 2.0.9
Zabbix Zabbix 2.0.1
Zabbix Zabbix 2.0.0
1 EDB exploit
7.2
CVSSv3
CVE-2020-3454
A vulnerability in the Call Home feature of Cisco NX-OS Software could allow an authenticated, remote malicious user to inject arbitrary commands that could be executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input va...
Cisco Nx-os -
6.7
CVSSv3
CVE-2017-6794
A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local malicious user to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credenti...
Cisco Meeting Server 2.0.16
Cisco Meeting Server 2.0.15
Cisco Meeting Server 2.0.14
Cisco Meeting Server 2.0.13
Cisco Meeting Server 2.0.12
Cisco Meeting Server 2.1.11
Cisco Meeting Server 2.0.0
Cisco Meeting Server 2.0.1
Cisco Meeting Server 2.0.3
Cisco Meeting Server 2.0.10
Cisco Meeting Server 2.1.2
Cisco Meeting Server 2.1.7
Cisco Meeting Server 2.1.9
Cisco Meeting Server 2.0.5
Cisco Meeting Server 2.0.7
Cisco Meeting Server 2.1.3
Cisco Meeting Server 2.1.4
Cisco Meeting Server 2.1.5
Cisco Meeting Server 2.1.6
Cisco Meeting Server 2.0.9
Cisco Meeting Server 2.1.0
Cisco Meeting Server 2.1.1
8.2
CVSSv3
CVE-2017-6707
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 up to and including 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local malicious user t...
Cisco Staros 11.0 Base
Cisco Staros 12.2\\(300\\)
Cisco Staros 14.0.0
Cisco Staros 16.0\\(900\\)
Cisco Staros 16.1.0
Cisco Staros 18.1.0.59776
Cisco Staros 18.1.0.59780
Cisco Staros 18.0.0
Cisco Staros 19.0.m0.61045
Cisco Staros 19.0.1
Cisco Staros 18.4.0
Cisco Staros 19.3.0
Cisco Staros 20.0.1.0
Cisco Staros 20.0.1.a0
Cisco Staros 21.0 Base
Cisco Staros 21.0.0
Cisco Staros 12.1 Base
Cisco Staros 12.2 Base
Cisco Staros 15.0\\(938\\)
Cisco Staros 16.0.0
Cisco Staros 18.1 Base
Cisco Staros 18.1.0
9.1
CVSSv3
CVE-2016-7435
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL '...
Sap Netweaver 7.40
8.8
CVSSv3
CVE-2020-12109
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
Tp-link Nc200 Firmware 2.1.6
Tp-link Nc200 Firmware 2.1.9
Tp-link Nc210 Firmware 1.0.3
Tp-link Nc210 Firmware 1.0.4
Tp-link Nc210 Firmware 1.0.9
Tp-link Nc220 Firmware 1.2.0
Tp-link Nc220 Firmware 1.3.0
Tp-link Nc230 Firmware 1.0.3
Tp-link Nc230 Firmware 1.2.1
Tp-link Nc230 Firmware 1.3.0
Tp-link Nc250 Firmware 1.0.8
Tp-link Nc250 Firmware 1.0.10
Tp-link Nc250 Firmware 1.2.1
Tp-link Nc250 Firmware 1.3.0
Tp-link Nc260 Firmware 1.0.5
Tp-link Nc260 Firmware 1.0.6
Tp-link Nc260 Firmware 1.4.1
Tp-link Nc260 Firmware 1.5.0
Tp-link Nc260 Firmware 1.5.2
Tp-link Nc450 Firmware 1.0.15
Tp-link Nc450 Firmware 1.1.2
Tp-link Nc450 Firmware 1.3.4
9.8
CVSSv3
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, US...
Zyxel Usg Flex 100w Firmware
Zyxel Usg Flex 200 Firmware
Zyxel Usg Flex 500 Firmware
Zyxel Usg Flex 700 Firmware
Zyxel Vpn100 Firmware
Zyxel Vpn1000 Firmware
Zyxel Vpn300 Firmware
Zyxel Vpn50 Firmware
Zyxel Atp100 Firmware
Zyxel Atp100w Firmware
Zyxel Atp200 Firmware
Zyxel Atp500 Firmware
Zyxel Atp700 Firmware
Zyxel Atp800 Firmware
Zyxel Usg Flex 50w Firmware
Zyxel Usg20w-vpn Firmware
1 Metasploit module
17 Github repositories
9.8
CVSSv3
CVE-2023-41109
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
Patton Smartnode Sn200 Firmware
7.2
CVSSv3
CVE-2019-10969
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated malicious user to abuse the ping feature to execute unauthorized commands on the router, which may allow an malicious user to perform remote code execution.
Moxa Edr-810 Firmware
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »