Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
8.3
CVSSv2
CVE-2018-15380
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent malicious user to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by conn...
Cisco Hyperflex Hx Data Platform 3.5\\(1a\\)
Cisco Hyperflex Hx Data Platform 3.0\\(1a\\)
NA
CVE-2023-20231
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote malicious user to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sendin...
Cisco Ios Xe 16.12.4
Cisco Ios Xe 16.12.4a
Cisco Ios Xe 16.12.5
Cisco Ios Xe 16.12.5a
Cisco Ios Xe 16.12.5b
Cisco Ios Xe 16.12.6
Cisco Ios Xe 16.12.6a
Cisco Ios Xe 16.12.7
Cisco Ios Xe 16.12.8
Cisco Ios Xe 16.12.9
Cisco Ios Xe 17.2.2
Cisco Ios Xe 17.2.3
Cisco Ios Xe 17.3.1
Cisco Ios Xe 17.3.1a
Cisco Ios Xe 17.3.1w
Cisco Ios Xe 17.3.1x
Cisco Ios Xe 17.3.1z
Cisco Ios Xe 17.3.2
Cisco Ios Xe 17.3.3
Cisco Ios Xe 17.3.4
Cisco Ios Xe 17.3.4a
Cisco Ios Xe 17.3.4b
7.5
CVSSv2
CVE-2020-35476
A remote code execution vulnerability occurs in OpenTSDB up to and including 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.j...
Opentsdb Opentsdb
1 Metasploit module
2 Github repositories
8.5
CVSSv2
CVE-2013-1668
The uploadFile function in upload/index.php in CosCMS prior to 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
Coscms Coscms
Coscms Coscms 1.41
Coscms Coscms 1.3
1 EDB exploit
9
CVSSv2
CVE-2020-3219
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote malicious user to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient va...
Cisco Ios Xe 16.1.1
Cisco Ios Xe 16.1.2
Cisco Ios Xe 16.1.3
Cisco Ios Xe 16.2.1
Cisco Ios Xe 16.2.2
Cisco Ios Xe 16.3.1
Cisco Ios Xe 16.3.1a
Cisco Ios Xe 16.3.2
Cisco Ios Xe 16.3.3
Cisco Ios Xe 16.3.4
Cisco Ios Xe 16.3.5
Cisco Ios Xe 16.3.5b
Cisco Ios Xe 16.3.6
Cisco Ios Xe 16.3.7
Cisco Ios Xe 16.3.8
Cisco Ios Xe 16.3.9
Cisco Ios Xe 16.3.10
Cisco Ios Xe 16.4.1
Cisco Ios Xe 16.4.2
Cisco Ios Xe 16.4.3
Cisco Ios Xe 16.5.1
Cisco Ios Xe 16.5.1a
10
CVSSv2
CVE-2014-3828
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote malicious users to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid para...
Merethis Centreon 2.5.1
Merethis Centreon Enterprise Server 2.2
2 EDB exploits
5.5
CVSSv2
CVE-2021-1530
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote malicious user to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability i...
Cisco Broadworks Messaging Server 22.0
9
CVSSv2
CVE-2015-2280
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
Airlink101 Skyipcam1620w Wireless N Mpeg4 3gpp Firmware 1.1.0-12 20120709
1 EDB exploit
5.5
CVSSv2
CVE-2016-3116
CRLF injection vulnerability in Dropbear SSH prior to 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
Dropbear Ssh Project Dropbear Ssh
1 EDB exploit
NA
CVE-2023-25826
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vu...
Opentsdb Opentsdb
1 Metasploit module
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »