Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6682 | 1 Cisco | 1 Elastic Services Controller | 2025-04-20 | N/A |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). | ||||
| CVE-2017-6796 | 1 Cisco | 1 Ios Xe | 2025-04-20 | N/A |
| A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. | ||||
| CVE-2017-12305 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2025-04-20 | N/A |
| A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. | ||||
| CVE-2017-9483 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. | ||||
| CVE-2017-11566 | 1 Appsec-labs | 1 Appuse | 2025-04-20 | 7.8 High |
| AppUse 4.0 allows shell command injection via a proxy field. | ||||
| CVE-2017-16667 | 1 Backintime Project | 1 Backintime | 2025-04-20 | N/A |
| backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. | ||||
| CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | N/A |
| A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | ||||
| CVE-2017-11322 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2025-04-20 | N/A |
| The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | ||||
| CVE-2017-11318 | 1 Cobiansoft | 1 Cobian Backup | 2025-04-20 | N/A |
| Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | ||||
| CVE-2015-5958 | 1 Phpfilemanager Project | 1 Phpfilemanager | 2025-04-20 | 8.8 High |
| phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | ||||
| CVE-2017-11150 | 1 Synology | 1 Office | 2025-04-20 | N/A |
| Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | ||||
| CVE-2017-10904 | 1 Qt | 1 Qt | 2025-04-20 | N/A |
| Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-10832 | 1 Nippon-antenna | 2 Scr02hd, Scr02hd Firmware | 2025-04-20 | N/A |
| "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-2824 | 1 Zabbix | 1 Zabbix | 2025-04-20 | N/A |
| An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability. | ||||
| CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2025-04-20 | N/A |
| Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-9328 | 1 Terra-master | 1 Terramaster Operating System | 2025-04-20 | N/A |
| Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | ||||
| CVE-2017-2275 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2025-04-20 | N/A |
| WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-1000219 | 1 Windows-cpu Project | 1 Windows-cpu | 2025-04-20 | N/A |
| npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user | ||||
| CVE-2017-8116 | 1 Teltonika | 8 Rut900, Rut900 Firmware, Rut905 and 5 more | 2025-04-20 | N/A |
| The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. | ||||
| CVE-2017-1000214 | 1 Gitphp Project | 1 Gitphp | 2025-04-20 | N/A |
| GitPHP by xiphux is vulnerable to OS Command Injections | ||||