command injection vulnerabilities and exploits

(subscribe to this query)

8.8

CVSSv3

FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack....

Huawei Fusioncompute 8.0.0

7.8

CVSSv3

An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used....

Mgetty Project Mgetty

8.8

CVSSv3

Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter....

Trendnet Tew-827dru Firmware 2.08b01

6.1

CVSSv3

CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors....

Jenkins Jenkins Redhat Openshift 3.1

7.2

CVSSv3

VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack....

Huawei Vcm5010 Firmware

8.8

CVSSv3

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr....

Trendnet Tew-827dru Firmware

7

CVSSv3

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function....

Setroubleshoot Project Setroubleshoot Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Hpc Node 7.0

NA

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame....

W1.fi Hostapd 0.7.2 W1.fi Hostapd 1.0 W1.fi Hostapd 1.1 W1.fi Wpa Supplicant 2.0 W1.fi Wpa Supplicant 2.1 Canonical Ubuntu Linux 10.04 Canonical Ubuntu Linux 12.04 W1.fi Hostapd 2.2 W1.fi Wpa Supplicant 0.72 W1.fi Hostapd 2.0 W1.fi Hostapd 2.1 W1.fi Wpa Supplicant 2.2 Canonical Ubuntu Linux 14.04 Debian Debian Linux 6.0 W1.fi Wpa Supplicant 1.0 W1.fi Wpa Supplicant 1.1

8.8

CVSSv3

Ruckus Wireless H500 web management interface authenticated command injection...

Ruckus Wireless H500 -

8.8

CVSSv3

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root...

Sssd Sssd 2.6.0 Redhat Virtualization 4.0 Redhat Virtualization Host 4.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux Eus 8.1 Redhat Enterprise Linux Eus 8.2 Redhat Enterprise Linux Server Aus 8.2 Redhat Enterprise Linux Server Aus 8.4 Redhat Enterprise Linux Server Tus 8.2 Redhat Enterprise Linux Server Tus 8.4 Fedoraproject Fedora 34

Get Started

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook