Total: 4430 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-11409 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 8.8 High |
app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module. | ||||
CVE-2019-11399 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2024-11-21 | 9.8 Critical |
An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. | ||||
CVE-2019-11364 | 1 Prophecyinternational | 1 Snare Central | 2024-11-21 | N/A |
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. | ||||
CVE-2019-11355 | 1 Polycom | 1 Hdx System Software | 2024-11-21 | 7.2 High |
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root. | ||||
CVE-2019-11353 | 1 Engeniustech | 2 Ews660ap, Ews660ap Firmware | 2024-11-21 | N/A |
The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. | ||||
CVE-2019-11322 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | N/A |
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | ||||
CVE-2019-11319 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | N/A |
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | ||||
CVE-2019-11224 | 1 Harman | 2 Amx Mvp5150, Amx Mvp5150 Firmware | 2024-11-21 | N/A |
HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. | ||||
CVE-2019-11062 | 1 Sun.net | 1 Wmpro | 2024-11-21 | 9.8 Critical |
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | ||||
CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 7.2 High |
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | ||||
CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 7.2 High |
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | ||||
CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-11-21 | N/A |
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | ||||
CVE-2019-10880 | 1 Xerox | 10 Colorqube 8700, Colorqube 8700 Firmware, Colorqube 8900 and 7 more | 2024-11-21 | N/A |
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. | ||||
CVE-2019-10807 | 1 Blamer Project | 1 Blamer | 2024-11-21 | 9.8 Critical |
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. | ||||
CVE-2019-10804 | 1 Serial-number Project | 1 Serial-number | 2024-11-21 | 9.8 Critical |
serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. | ||||
CVE-2019-10803 | 1 Push-dir Project | 1 Push-dir | 2024-11-21 | 9.8 Critical |
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | ||||
CVE-2019-10802 | 1 Mangoraft | 1 Giting | 2024-11-21 | 9.8 Critical |
giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | ||||
CVE-2019-10801 | 1 Enpeem Project | 1 Enpeem | 2024-11-21 | 9.8 Critical |
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | ||||
CVE-2019-10799 | 1 Compile-sass Project | 1 Compile-sass | 2024-11-21 | 8.2 High |
compile-sass prior to 1.0.5 allows execution of arbitrary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. | ||||
CVE-2019-10796 | 1 Rpi Project | 1 Rpi | 2024-11-21 | 9.8 Critical |
rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of exec function without any sanitization. |