Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-9194
elFinder prior to 2.1.48 has a command injection vulnerability in the PHP connector.
Std42 Elfinder
2 EDB exploits
2 Github repositories
9
CVSSv2
CVE-2010-4278
operation/agentes/networkmap.php in Pandora FMS prior to 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.
Artica Pandora Fms 3.1
Artica Pandora Fms 3.0
Artica Pandora Fms 2.0
Artica Pandora Fms 2.1.1
Artica Pandora Fms 1.3.1
Artica Pandora Fms 1.3
Artica Pandora Fms 2.1
Artica Pandora Fms 1.2
Artica Pandora Fms
1 EDB exploit
9.3
CVSSv2
CVE-2010-4566
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and previous versions, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows malicious users to ...
Citrix Access Gateway 9.1-104.5
Citrix Access Gateway 8.1-69.4
Citrix Access Gateway 9.0.71.3
Citrix Access Gateway 8.0
Citrix Access Gateway
Citrix Access Gateway .8.0
Citrix Access Gateway 4.5.5
Citrix Access Gateway 4.5.6
Citrix Access Gateway 4.6.2
Citrix Access Gateway 4.6.3
Citrix Access Gateway 4.5.7
Citrix Access Gateway 4.5
Citrix Access Gateway 4.6.1
2 EDB exploits
7.5
CVSSv2
CVE-2012-5520
The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x prior to 3.0.4 allows remote malicious users to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.
Openvas Openvas Manager 3.0
Openvas Openvas Manager 3.0.0
Openvas Openvas Manager 3.0.1
Openvas Openvas Manager 3.0.2
Openvas Openvas Manager 3.0.3
9
CVSSv2
CVE-2018-7567
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 up to and including 5.0.24 and 6.0.0 up to and including 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall ...
Otrs Otrs 6.0.0
Otrs Otrs 6.0.1
Otrs Otrs
9
CVSSv2
CVE-2017-7981
Tuleap prior to 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki prior to 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap ...
Enalean Tuleap
Phpwiki Project Phpwiki 1.3.10
1 EDB exploit
NA
CVE-2022-20655
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker coul...
9.3
CVSSv2
CVE-2017-15049
The ZoomLauncher binary in the Zoom client for Linux prior to 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote malicious users to execute arbitrary code by leveraging the zoommtg:// scheme handler.
Zoom Zoom
1 EDB exploit
10
CVSSv2
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
Western Digital Mycloud Nas 2.11.142
1 Metasploit module
7.8
CVSSv2
CVE-2021-31605
furlongm openvpn-monitor up to and including 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.
Openvpn-monitor Project Openvpn-monitor
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »