Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2017-6884
A command injection vulnerability exists on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the ro...
Zyxel Emg2926 Firmware V1.00\\(aaqt.4\\)b8
1 EDB exploit
6.5
CVSSv2
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
Vestacp Control Panel
1 EDB exploit
9.3
CVSSv2
CVE-2018-20219
An issue exists on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source c...
Teracue Enc-400 Hdmi Firmware
Teracue Enc-400 Hdmi2 Firmware
Teracue Enc-400 Hdsdi Firmware
1 EDB exploit
10
CVSSv2
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, US...
Zyxel Usg Flex 100w Firmware
Zyxel Usg Flex 200 Firmware
Zyxel Usg Flex 500 Firmware
Zyxel Usg Flex 700 Firmware
Zyxel Vpn100 Firmware
Zyxel Vpn1000 Firmware
Zyxel Vpn300 Firmware
Zyxel Vpn50 Firmware
Zyxel Atp100 Firmware
Zyxel Atp100w Firmware
Zyxel Atp200 Firmware
Zyxel Atp500 Firmware
Zyxel Atp700 Firmware
Zyxel Atp800 Firmware
Zyxel Usg Flex 50w Firmware
Zyxel Usg20w-vpn Firmware
1 Metasploit module
17 Github repositories
9
CVSSv2
CVE-2016-7435
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL '...
Sap Netweaver 7.40
NA
CVE-2023-41109
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.
Patton Smartnode Sn200 Firmware
NA
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI up to and including 10.0.2 allows PHP code injection.
Glpi-project Glpi
10 Github repositories
NA
CVE-2023-23333
There is a command injection vulnerability in SolarView Compact up to and including 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
Contec Solarview Compact Firmware
4 Github repositories
7.2
CVSSv2
CVE-2018-0477
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local malicious user to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes c...
Cisco Ios Xe 16.7\\(1\\)
Cisco Ios Xe 16.7.1
Cisco Ios Xe 15.3\\(3\\)s3.16
7.2
CVSSv2
CVE-2018-0481
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local malicious user to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes c...
Cisco Ios Xe 15.3\\(3\\)s3.16
Cisco Ios Xe 16.7.1
Cisco Ios Xe 16.7\\(1\\)
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »