Vulmon
command injection vulnerabilities and exploits
10
CVSSv2
CVE-2017-6622
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP...
1 EDB exploit available
10
CVSSv2
CVE-2019-12929
** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been...
6.8
CVSSv2
CVE-2017-5078
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example,...
7.2
CVSSv2
CVE-2018-0453
A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower...
7.5
CVSSv2
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings....
1 GitHub repository available
6.5
CVSSv2
CVE-2019-19487
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test....
9
CVSSv2
CVE-2017-6746
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco...
7.2
CVSSv2
CVE-2018-16741
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the...
10
CVSSv2
CVE-2019-12928
** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server....
10
CVSSv2
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection....