• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-78

CVE-2018-20727

February 26, 2023 by

Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.

CVE-2018-20434

February 26, 2023 by

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST[‘community’] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.

CVE-2018-20323

February 26, 2023 by

www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.

CVE-2018-20334

February 26, 2023 by

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.

CVE-2018-20218

February 26, 2023 by

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the “password” parameter in the login form.

CVE-2018-20122

February 26, 2023 by

The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 16
  • Go to page 17
  • Go to page 18
  • Go to page 19
  • Go to page 20
  • Interim pages omitted …
  • Go to page 342
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE