Total
4781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47675 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 7.2 High |
| CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | ||||
| CVE-2023-47617 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | 7.2 High |
| A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-47567 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 4.7 Medium |
| An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-47254 | 1 Draytek | 2 Vigor167, Vigor167 Firmware | 2024-11-21 | 9.8 Critical |
| An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | ||||
| CVE-2023-47220 | 1 Qnap | 1 Media Streaming Add-on | 2024-11-21 | 6.6 Medium |
| An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later | ||||
| CVE-2023-47167 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | 7.2 High |
| A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-47104 | 2 Linux, Vareille | 2 Linux Kernel, Tiny File Dialogs | 2024-11-21 | 9.8 Critical |
| tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters. | ||||
| CVE-2023-46683 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | 7.2 High |
| A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-46510 | 1 Zioncom | 2 A7000r, A7000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | ||||
| CVE-2023-46454 | 1 Gl-inet | 2 Gl-ar300m, Gl-ar300m Firmware | 2024-11-21 | 9.8 Critical |
| In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. | ||||
| CVE-2023-46359 | 1 Hardy-barth | 2 Cph2 Echarge, Cph2 Echarge Firmware | 2024-11-21 | 9.8 Critical |
| An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature. | ||||
| CVE-2023-46306 | 1 Netmodule | 9 Nb1601, Nb1800, Nb1810 and 6 more | 2024-11-21 | 8.4 High |
| The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105. | ||||
| CVE-2023-46117 | 1 Six2dez | 1 Reconftw | 2024-11-21 | 8.8 High |
| reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-45741 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-11-21 | 6.8 Medium |
| VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. | ||||
| CVE-2023-45467 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | 9.8 Critical |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | ||||
| CVE-2023-45158 | 1 Web2py | 1 Web2py | 2024-11-21 | 9.8 Critical |
| An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. | ||||
| CVE-2023-44291 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2024-11-21 | 7.2 High |
| Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | ||||
| CVE-2023-44279 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | 6.7 Medium |
| Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A local high privileged attacker could potentially exploit this vulnerability, to bypass security restrictions. Exploitation may lead to a system take over by an attacker | ||||
| CVE-2023-44277 | 1 Dell | 12 Apex Protection Storage, Dd3300, Dd6400 and 9 more | 2024-11-21 | 7.8 High |
| Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in the CLI. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | ||||
| CVE-2023-44080 | 1 Pgyer | 1 Codefever | 2024-11-21 | 9.8 Critical |
| An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | ||||