Total
4259 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11588 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd. | |||||
| CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | |||||
| CVE-2017-17055 | 1 Articatech | 1 Artica Proxy | 2025-04-20 | 8.5 HIGH | 9.0 CRITICAL |
| Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | |||||
| CVE-2017-11395 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | |||||
| CVE-2016-10320 | 1 Textract Project | 1 Textract | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files. | |||||
| CVE-2017-2128 | 1 Information-technology Promotion Agency | 1 Introduction To Safe Website Operation | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | |||||
| CVE-2017-2152 | 1 Buffalo Inc | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | 5.2 MEDIUM | 6.8 MEDIUM |
| WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-11366 | 1 Codiad | 1 Codiad | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | |||||
| CVE-2017-6334 | 1 Netgear | 5 Dgn2200 Series Firmware, Dgn2200v1, Dgn2200v2 and 2 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. | |||||
| CVE-2017-3506 | 1 Oracle | 1 Weblogic Server | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2016-7806 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-14405 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | |||||
| CVE-2017-1000235 | 1 I-librarian | 1 I Librarian | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | |||||
| CVE-2017-2841 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-13713 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | |||||
| CVE-2017-6360 | 1 Qnap | 1 Qts | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2017-14135 | 1 Dreambox | 1 Opendreambox | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI. | |||||
| CVE-2017-10904 | 1 Qt | 1 Qt | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-6320 | 1 Barracuda | 1 Load Balancer Adc | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. | |||||
| CVE-2016-5313 | 1 Symantec | 1 Web Gateway | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||||