Total
4499 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46510 | 1 Zioncom | 2 A7000r, A7000r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | |||||
| CVE-2023-46454 | 1 Gl-inet | 2 Gl-ar300m, Gl-ar300m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. | |||||
| CVE-2023-46359 | 1 Hardy-barth | 2 Cph2 Echarge, Cph2 Echarge Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature. | |||||
| CVE-2023-46306 | 1 Netmodule | 9 Nb1601, Nb1800, Nb1810 and 6 more | 2024-11-21 | N/A | 8.4 HIGH |
| The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105. | |||||
| CVE-2023-46157 | 1 Mgt-commerce | 1 Cloudpanel | 2024-11-21 | N/A | 8.8 HIGH |
| File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. | |||||
| CVE-2023-46117 | 1 Six2dez | 1 Reconftw | 2024-11-21 | N/A | 8.8 HIGH |
| reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-45741 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. | |||||
| CVE-2023-45467 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | |||||
| CVE-2023-45158 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. | |||||
| CVE-2023-45025 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | N/A | 9.0 CRITICAL |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | |||||
| CVE-2023-44304 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance. | |||||
| CVE-2023-44291 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2023-44279 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker | |||||
| CVE-2023-44277 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2023-44080 | 1 Pgyer | 1 Codefever | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | |||||
| CVE-2023-43959 | 1 Yealink | 2 Sip-t19p-e2, Sip-t19p-e2 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. | |||||
| CVE-2023-43893 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-43890 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | |||||
| CVE-2023-43752 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2024-11-21 | N/A | 8.0 HIGH |
| OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | |||||
| CVE-2023-43744 | 1 Zultys | 12 Mx-e, Mx-e Firmware, Mx-se and 9 more | 2024-11-21 | N/A | 7.2 HIGH |
| An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. | |||||