Total
5172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48121 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-04-03 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | |||||
| CVE-2024-41314 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.8 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | |||||
| CVE-2024-41315 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 6.8 MEDIUM |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||||
| CVE-2024-41317 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||||
| CVE-2024-37626 | 1 Totolink | 2 A6000r, A6000r Firmware | 2025-04-03 | N/A | 8.8 HIGH |
| A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. | |||||
| CVE-2025-1829 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2094 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2095 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2096 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-23596 | 1 Jc21 | 1 Nginx Proxy Manager | 2025-04-03 | N/A | 8.8 HIGH |
| jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5. | |||||
| CVE-2024-25851 | 1 Netis-systems | 2 Wf2780, Wf2780 Firmware | 2025-04-03 | N/A | 8.0 HIGH |
| Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi. | |||||
| CVE-2002-1660 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | 7.5 HIGH | N/A |
| calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. | |||||
| CVE-2004-2732 | 1 Netbilling | 1 Netbilling | 2025-04-03 | 4.3 MEDIUM | N/A |
| nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key. | |||||
| CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2025-04-03 | 10.0 HIGH | N/A |
| phf CGI program allows remote command execution through shell metacharacters. | |||||
| CVE-2002-1898 | 1 Apple | 2 Mac Os X, Terminal | 2025-04-03 | 7.2 HIGH | N/A |
| Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. | |||||
| CVE-2003-0041 | 3 Mandrakesoft, Mit, Redhat | 4 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | |||||
| CVE-2002-0061 | 1 Apache | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | |||||
| CVE-1999-0043 | 6 Bsdi, Caldera, Isc and 3 more | 7 Bsd Os, Openlinux, Inn and 4 more | 2025-04-03 | 10.0 HIGH | 9.8 CRITICAL |
| Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. | |||||
| CVE-2005-2368 | 1 Vim Development Group | 1 Vim | 2025-04-03 | 9.3 HIGH | N/A |
| vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. | |||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2025-04-03 | 7.5 HIGH | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | |||||