Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated
A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administra
A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device.
This vuln
A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successfu
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an a
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails t
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3)
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input valida
An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulnerability in the '/api/common
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbi
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbi
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbi
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbi