Vulnerabilities (CVE)

CWE filter: CWE-78

808 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15715 1 Mantisbt 1 Mantisbt 2019-10-16 6.5
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVE-2019-17508 1 Dlink 2 Dir-850l A Firmware, Dir-859 A3 Firmware 2019-10-16 10.0
On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEVICE.TIME.php allows command injection via the $SERVER variable.
CVE-2019-17510 1 Dlink 1 Dir-846 Firmware 2019-10-15 10.0
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetWizardConfig with shell metacharacters to...
CVE-2019-17509 1 Dlink 1 Dir-846 Firmware 2019-10-15 10.0
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to...
CVE-2019-11527 1 Softing 1 Uagate Si Firmware 2019-10-15 9.0
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted URL parameter.
CVE-2019-13051 1 Pi-hole 1 Pi-hole 2019-10-11 6.8
Pi-Hole 4.3 allows Command Injection.
CVE-2019-16920 1 Dlink 4 Dhp-1565 Firmware, Dir-652 Firmware, Dir-655 Firmware and 1 more 2019-10-10 10.0
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to...
CVE-2019-12811 2019-10-10 7.5
ActiveX Control in MyBuilder before 6.2.2019.814 allows an attacker to execute arbitrary commands via the ShellOpen method. This can be leveraged for code execution.
CVE-2019-12690 1 Cisco 1 Firepower Management Center 2019-10-10 9.0
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The...
CVE-2019-9193 1 Postgresql 1 Postgresql 2019-10-10 9.0
** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This...
CVE-2019-5475 1 Sonatype 1 Nexus Repository Manager 2019-10-09 9.0
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
CVE-2019-5414 1 Kill-port Project 1 Kill-port 2019-10-09 9.3
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
CVE-2019-3704 2019-10-09 7.2
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains an OS command injection vulnerability. Due to inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute...
CVE-2019-1971 2019-10-09 10.0
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability...
CVE-2019-1896 1 Cisco 1 Unified Computing System 2019-10-09 9.0
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands and obtain root privileges. The vulnerability is due to insufficient...
CVE-2019-1885 1 Cisco 1 Unified Computing System 2019-10-09 9.0
A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to...
CVE-2019-1883 1 Cisco 1 Unified Computing System 2019-10-09 7.2
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that could allow them to obtain root privileges....
CVE-2019-1879 1 Cisco 2 Integrated Management Controller, Unified Computing System 2019-10-09 7.2
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of...
CVE-2019-1878 2019-10-09 8.3
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are...
CVE-2019-1865 1 Cisco 1 Unified Computing System 2019-10-09 9.0
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected...