Export limit exceeded: 19619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-10060 | 1 Netgear | 2 Dgn2200b, Dgn2200b Firmware | 2026-03-23 | 7.2 High |
| An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored. | ||||
| CVE-2013-10059 | 2 D-link, Dlink | 3 Dir-615, Dir-615h, Dir-615h Firmware | 2026-03-23 | 7.2 High |
| An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm diagnostic interface, allowing attackers to inject arbitrary shell commands using backtick encapsulation. With default credentials, an attacker can exploit this blind injection vector to execute arbitrary commands. | ||||
| CVE-2013-10053 | 1 Zpanel Project | 1 Zpanel | 2026-03-23 | N/A |
| A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an authenticated attacker can execute arbitrary system commands. Exploitation requires a valid ZPanel account—such as one in the default Users, Resellers, or Administrators groups—but no elevated privileges. | ||||
| CVE-2013-10050 | 2 D-link, Dlink | 6 Dir-300, Dir-615, Dir-300 and 3 more | 2026-03-23 | 8.8 High |
| An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life. | ||||
| CVE-2013-10048 | 2 D-link, Dlink | 6 Dir-300, Dir-600, Dir-300 and 3 more | 2026-03-23 | 9.8 Critical |
| An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending specially crafted POST requests, a remote attacker can execute arbitrary shell commands with root privileges, allowing full takeover of the device. This includes launching services such as Telnet, exfiltrating credentials, modifying system configuration, and disrupting availability. The flaw stems from the lack of authentication and inadequate sanitation of the cmd parameter. | ||||
| CVE-2013-10037 | 2 Eppler Software, Webtester | 2 Webtester, Webtester | 2026-03-23 | N/A |
| An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw by sending a crafted HTTP POST request, resulting in arbitrary command execution on the underlying system with web server privileges. | ||||
| CVE-2012-10059 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp/crm | 2026-03-23 | N/A |
| Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. | ||||
| CVE-2012-10040 | 1 Openfiler | 1 Openfiler | 2026-03-23 | N/A |
| Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password. | ||||
| CVE-2012-10028 | 1 Netwin | 1 Surgeftp | 2026-03-23 | N/A |
| Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to `surgeftpmgr.cgi`. This can lead to full remote code execution on the underlying system. | ||||
| CVE-2011-10026 | 1 Spreecommerce | 1 Spree | 2026-03-23 | 9.8 Critical |
| Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the search[instance_eval] parameter, which is dynamically invoked using Ruby’s send method. This flaw enables unauthenticated attackers to execute commands on the server. | ||||
| CVE-2010-10013 | 1 Ajaxplorer | 1 Ajaxplorer | 2026-03-23 | N/A |
| An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process. | ||||
| CVE-2026-4170 | 1 Topsec | 1 Topacm | 2026-03-23 | 9.8 Critical |
| A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument template_path can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14287 | 1 Mlflow | 1 Mlflow | 2026-03-23 | 7.8 High |
| A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, which are then executed using `os.system()`. This allows attackers to execute arbitrary commands by supplying malicious input through the `--container` parameter of the CLI. The issue affects environments where MLflow is used, including development setups, CI/CD pipelines, and cloud deployments. | ||||
| CVE-2026-4181 | 2 D-link, Dlink | 3 Dir-816, Dir-816, Dir-816 Firmware | 2026-03-23 | 9.8 Critical |
| A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-4182 | 2 D-link, Dlink | 3 Dir-816, Dir-816, Dir-816 Firmware | 2026-03-23 | 9.8 Critical |
| A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-4183 | 2 D-link, Dlink | 3 Dir-816, Dir-816, Dir-816 Firmware | 2026-03-23 | 9.8 Critical |
| A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-4184 | 2 D-link, Dlink | 3 Dir-816, Dir-816, Dir-816 Firmware | 2026-03-23 | 9.8 Critical |
| A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-4211 | 2 D-link, Dlink | 60 Dnr-202l, Dnr-322l, Dnr-326 and 57 more | 2026-03-23 | 8.8 High |
| A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this issue is the function Local_Backup_Info of the file /cgi-bin/local_backup_mgr.cgi. This manipulation of the argument f_idx causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4212 | 2 D-link, Dlink | 60 Dnr-202l, Dnr-322l, Dnr-326 and 57 more | 2026-03-23 | 8.8 High |
| A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This affects the function Downloads_Schedule_Info of the file /cgi-bin/download_mgr.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-4213 | 2 D-link, Dlink | 60 Dnr-202l, Dnr-322l, Dnr-326 and 57 more | 2026-03-23 | 8.8 High |
| A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function cgi_myfavorite_del_user/cgi_myfavorite_verify of the file /cgi-bin/gui_mgr.cgi. Performing a manipulation results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||