Total
4383 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10697 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. | ||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2024-11-21 | N/A |
| An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | ||||
| CVE-2018-10587 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | N/A |
| NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution. | ||||
| CVE-2018-10431 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2024-11-21 | N/A |
| D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. | ||||
| CVE-2018-10354 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | N/A |
| A command injection remote command execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the LauncherServer. Authentication is required to exploit this vulnerability. | ||||
| CVE-2018-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | N/A |
| In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | ||||
| CVE-2018-1000885 | 1 Phkp Project | 1 Phkp | 2024-11-21 | N/A |
| PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search. | ||||
| CVE-2018-1000666 | 2 Gig, Openvcloud Project | 2 Jumpscale, Openvcloud | 2024-11-21 | N/A |
| GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in Improper validation of parameters results in command execution. This attack appear to be exploitable via Network connectivity, required minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed in After commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. | ||||
| CVE-2018-1000118 | 1 Electronjs | 1 Electron | 2024-11-21 | N/A |
| Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it. | ||||
| CVE-2018-1000043 | 1 Securityonion | 1 Squert | 2024-11-21 | N/A |
| Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0. | ||||
| CVE-2018-1000042 | 1 Securityonion | 1 Squert | 2024-11-21 | N/A |
| Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0. | ||||
| CVE-2018-1000021 | 1 Git-scm | 1 Git | 2024-11-21 | 5.0 Medium |
| GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack). | ||||
| CVE-2018-1000019 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher. | ||||
| CVE-2018-1000006 | 2 Atom, Microsoft | 4 Electron, Windows 10, Windows 7 and 1 more | 2024-11-21 | N/A |
| GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. | ||||
| CVE-2018-0710 | 1 Qnap | 1 Q\'center | 2024-11-21 | N/A |
| Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | ||||
| CVE-2018-0709 | 1 Qnap | 1 Q\'center | 2024-11-21 | N/A |
| Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | ||||
| CVE-2018-0708 | 1 Qnap | 1 Q\'center | 2024-11-21 | N/A |
| Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | ||||
| CVE-2018-0707 | 1 Qnap | 1 Q\'center | 2024-11-21 | N/A |
| Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | ||||
| CVE-2018-0694 | 1 Soliton | 1 Filezen | 2024-11-21 | N/A |
| FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2018-0677 | 1 Panasonic | 2 Bn-sdwbp3, Bn-sdwbp3 Firmware | 2024-11-21 | N/A |
| BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. | ||||