Loading...
Loading...
3,740 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known a…
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known a…
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a …
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerabil…
A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected operating…
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validati…
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privile…
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an af…
A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insuf…
A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attack…
A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient inp…
A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient inp…
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to ex…
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of …
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected devic…
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected devic…
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient inp…
A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command in…
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affec…
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affec…
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the…
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands …
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions.
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial…
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prio…
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local…
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics consol…
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could pote…
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This ca…
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external …
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This all…
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument.
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.
An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges…
A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.
Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control.
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an ap…
EchelonGraph correlates every CVE — across CWE-77 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →