Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
command injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-36812
OpenTSDB is a open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been pat...
Opentsdb Opentsdb
1 Metasploit module
1 Github repository
10
CVSSv2
CVE-2015-2279
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote malicious users to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, ...
Airlive Bu-2015 Firmware 1.03.18
Airlive Bu-3026 Firmware 1.43
Airlive Md-3025 Firmware 1.81
1 EDB exploit
7.5
CVSSv2
CVE-2013-1177
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager prior to 4.8.3.1 and 4.9.x prior to 4.9.2 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.
Cisco Network Admission Control Manager And Server System Software 4.8.1
Cisco Network Admission Control Manager And Server System Software 4.9.1
Cisco Network Admission Control Manager And Server System Software 4.9.0
Cisco Network Admission Control Manager And Server System Software
Cisco Network Admission Control Manager And Server System Software 4.8.2
Cisco Network Admission Control Manager And Server System Software 4.8.0
7.2
CVSSv2
CVE-2021-1448
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local malicious user to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This ...
Cisco Firepower Threat Defense
7.5
CVSSv2
CVE-2019-9194
elFinder prior to 2.1.48 has a command injection vulnerability in the PHP connector.
Std42 Elfinder
2 EDB exploits
2 Github repositories
10
CVSSv2
CVE-2021-46422
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote malicious user to execute OS commands without any authentication.
Telesquare Sdt-cs3b1 Firmware 1.1.0
14 Github repositories
10
CVSSv2
CVE-2014-3418
config/userAdmin/login.tdf in Infoblox NetMRI prior to 6.8.5 allows remote malicious users to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
Infoblox Netmri 6.1.2
Infoblox Netmri 6.0.2.42
Infoblox Netmri 6.8.2.11
Infoblox Netmri
Infoblox Netmri 6.2.1.48
Infoblox Netmri 6.2.1
1 EDB exploit
1 Github repository
NA
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows malicious users to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Chamilo Chamilo
1 Metasploit module
8 Github repositories
6.5
CVSSv2
CVE-2014-4688
pfSense prior to 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
Netgate Pfsense
1 EDB exploit
1 Github repository
10
CVSSv2
CVE-2016-10043
An issue exists in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi exists to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the applicatio...
Mrf Web Panel 9.0.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »