Total: 3506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-20036 | | | 2024-11-18 | N/A | 9.9 CRITICAL |
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
CVE-2024-11007 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | N/A | 7.2 HIGH |
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-50809 | | | 2024-11-18 | N/A | 8.8 HIGH |
The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands | |||||
CVE-2024-11066 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page. | |||||
CVE-2024-11065 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
CVE-2024-11064 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
CVE-2024-11063 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
CVE-2024-11062 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-15 | N/A | 7.2 HIGH |
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | |||||
CVE-2024-11120 | | | 2024-11-15 | N/A | 9.8 CRITICAL |
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. | |||||
CVE-2024-9463 | 1 Paloaltonetworks | 1 Expedition | 2024-11-15 | N/A | 7.5 HIGH |
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | |||||
CVE-2005-10003 | 1 Mikexstudios | 1 Xcomic | 2024-11-14 | 5.1 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.3 is able to address this issue. The patch is named 6ed8e3cc336e29f09c7e791863d0559939da98bf. It is recommended to upgrade the affected component. | |||||
CVE-2024-8881 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2024-11-14 | N/A | 6.8 MEDIUM |
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request. | |||||
CVE-2024-46890 | 1 Siemens | 1 Sinec Ins | 2024-11-13 | N/A | 9.1 CRITICAL |
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. | |||||
CVE-2024-11046 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2024-11-13 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-45765 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-13 | N/A | 7.2 HIGH |
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity. | |||||
CVE-2024-11005 | | | 2024-11-13 | N/A | 9.1 CRITICAL |
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-11006 | | | 2024-11-13 | N/A | 9.1 CRITICAL |
Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
CVE-2024-52010 | | | 2024-11-13 | N/A | N/A |
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In HandleCreateProxySession the request to create an SSH session is handled. An attacker can exploit the username variable to escape from the bash command and inject arbitrary commands into sshCommand. This is possible, because, unlike hostname and port, the username is not validated or sanitized. | |||||
CVE-2024-32118 | | | 2024-11-13 | N/A | 6.7 MEDIUM |
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | |||||
CVE-2024-45763 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-13 | N/A | 7.2 HIGH |
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. |