Total
4530 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11490 | 1 Zevenet | 1 Zen Load Balancer | 2024-11-21 | 7.2 High |
| Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter. | ||||
| CVE-2020-11084 | 1 Ipear Project | 1 Ipear | 2024-11-21 | 6.4 Medium |
| In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC. | ||||
| CVE-2020-11016 | 1 Intelmq Manager Project | 1 Intelmq Manager | 2024-11-21 | 9.1 Critical |
| IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability. | ||||
| CVE-2020-10886 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. | ||||
| CVE-2020-10882 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. | ||||
| CVE-2020-10879 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.8 Critical |
| rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | ||||
| CVE-2020-10818 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 7.2 High |
| Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. | ||||
| CVE-2020-10808 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 8.8 High |
| Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters. | ||||
| CVE-2020-10795 | 1 Gira | 2 Tks-ip-gateway, Tks-ip-gateway Firmware | 2024-11-21 | 7.2 High |
| Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. | ||||
| CVE-2020-10789 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 9.8 Critical |
| openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php. | ||||
| CVE-2020-10713 | 5 Debian, Gnu, Opensuse and 2 more | 10 Debian Linux, Grub2, Leap and 7 more | 2024-11-21 | 8.2 High |
| A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-10674 | 1 Perlspeak Project | 1 Perlspeak | 2024-11-21 | 9.8 Critical |
| PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | ||||
| CVE-2020-10603 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 8.8 High |
| WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | ||||
| CVE-2020-10583 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 8.8 High |
| The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. | ||||
| CVE-2020-10511 | 1 Hgiga | 1 Oaklouds Ccm\@il | 2024-11-21 | 9.8 Critical |
| HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL. | ||||
| CVE-2024-51503 | 1 Trendmicro | 1 Deep Security Agent | 2024-11-21 | 8 High |
| A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | ||||
| CVE-2020-10390 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 7.2 High |
| OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php. | ||||
| CVE-2020-10250 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2024-11-21 | 9.8 Critical |
| BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. | ||||
| CVE-2020-10235 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 8.8 High |
| An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php. | ||||
| CVE-2020-10216 | 2 Dlink, Trendnet | 4 Dir-825, Dir-825 Firmware, Tew-632brp and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP 1.010B32 is also affected. | ||||