| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. |
| ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched. |
| The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message. |
| The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796. |
| The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. |
| The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response. |
| Possible Command injection Vulnerability
in iManager has been discovered in
OpenTextâ„¢ iManager 3.2.4.0000. |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks. |
| Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. |
| There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. |
| Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. |
| Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. |
| Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7.
|
| Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
|
| Gogs through 0.13.0 allows argument injection during the previewing of changes. |
| There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. |
| A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
