Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2016-7435
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL '...
Sap Netweaver 7.40
4.3
CVSSv3
CVE-2019-10963
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated malicious user to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.
Moxa Edr-810 Firmware
1 EDB exploit
7.2
CVSSv3
CVE-2019-10969
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated malicious user to abuse the ping feature to execute unauthorized commands on the router, which may allow an malicious user to perform remote code execution.
Moxa Edr-810 Firmware
1 EDB exploit
6.7
CVSSv3
CVE-2018-1185
An issue exists in EMC RecoverPoint for Virtual Machines versions before 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions before 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restric...
Dell Emc Recoverpoint
Dell Emc Recoverpoint For Virtual Machines
Dell Emc Recoverpoint 5.1.0.0
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2017-6884
A command injection vulnerability exists on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the ro...
Zyxel Emg2926 Firmware V1.00\\(aaqt.4\\)b8
1 EDB exploit
8.8
CVSSv3
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
Vestacp Control Panel
1 EDB exploit
8.8
CVSSv3
CVE-2021-20039
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated malicious user to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410...
Sonicwall Sma 200 Firmware 9.0.0.11-31sv
Sonicwall Sma 200 Firmware 10.2.0.8-37sv
Sonicwall Sma 200 Firmware 10.2.1.1-19sv
Sonicwall Sma 210 Firmware 9.0.0.11-31sv
Sonicwall Sma 210 Firmware 10.2.0.8-37sv
Sonicwall Sma 210 Firmware 10.2.1.1-19sv
Sonicwall Sma 410 Firmware 9.0.0.11-31sv
Sonicwall Sma 410 Firmware 10.2.0.8-37sv
Sonicwall Sma 410 Firmware 10.2.1.1-19sv
Sonicwall Sma 400 Firmware 9.0.0.11-31sv
Sonicwall Sma 400 Firmware 10.2.0.8-37sv
Sonicwall Sma 400 Firmware 10.2.1.1-19sv
Sonicwall Sma 500v Firmware 9.0.0.11-31sv
Sonicwall Sma 500v Firmware 10.2.0.8-37sv
Sonicwall Sma 500v Firmware 10.2.1.1-19sv
1 Metasploit module
1 Github repository
6.7
CVSSv3
CVE-2021-34721
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local malicious user to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities,...
Cisco Ios Xr
6.7
CVSSv3
CVE-2021-34722
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local malicious user to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities,...
Cisco Ios Xr
7.8
CVSSv3
CVE-2022-45639
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows malicious users to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the ...
Sleuthkit The Sleuth Kit 4.11.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »