Total: 4244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-11364 | 1 Prophecyinternational | 1 Snare Central | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter. | |||||
CVE-2019-11355 | 1 Polycom | 1 Hdx System Software | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is used as an argument value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into an argument value. A system command can be executed as root. | |||||
CVE-2019-11353 | 1 Engeniustech | 2 Ews660ap, Ews660ap Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. | |||||
CVE-2019-11322 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | |||||
CVE-2019-11319 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | |||||
CVE-2019-11224 | 1 Harman | 2 Amx Mvp5150, Amx Mvp5150 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. | |||||
CVE-2019-11062 | 1 Sun.net | 1 Wmpro | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | |||||
CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | |||||
CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | |||||
CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | |||||
CVE-2019-10880 | 1 Xerox | 10 Colorqube 8700, Colorqube 8700 Firmware, Colorqube 8900 and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Within multiple XEROX products, a vulnerability allows remote command execution on the Linux system as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration, authentication may not be necessary. | |||||
CVE-2019-10807 | 1 Blamer Project | 1 Blamer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. | |||||
CVE-2019-10804 | 1 Serial-number Project | 1 Serial-number | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in the serialNumber function is used by the "exec" function without any validation. | |||||
CVE-2019-10803 | 1 Push-dir Project | 1 Push-dir | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | |||||
CVE-2019-10802 | 1 Mangoraft | 1 Giting | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
giting versions prior to 0.0.8 allow execution of arbitrary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | |||||
CVE-2019-10801 | 1 Enpeem Project | 1 Enpeem | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | |||||
CVE-2019-10799 | 1 Compile-sass Project | 1 Compile-sass | 2024-11-21 | 8.5 HIGH | 8.2 HIGH |
compile-sass prior to 1.0.5 allows execution of arbitrary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. | |||||
CVE-2019-10796 | 1 Rpi Project | 1 Rpi | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of the exec function without any sanitization. | |||||
CVE-2019-10791 | 1 Promise-probe Project | 1 Promise-probe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. | |||||
CVE-2019-10789 | 1 Curling Project | 1 Curling | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. |