High
CVSS: 8.8
A code injection vulnerability exists in the Ambari Alert Definition
feature, allowing authenticated users to inject and execute arbitrary
shell commands. The vulnerability arises when defining alert scripts,
where the script filename fi…
High
CVSS: 8.2
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail.
High
CVSS: 8.0
Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status.
Critical
CVSS: 9.1
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.
High
CVSS: 8.1
TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request.
Critical
CVSS: 9.1
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input.
Low
CVSS: 2.0
Multiple bash files were present in the application's private directory.
Bash files can be used on their own, by an attacker that has already
full access to the mobile platform to compromise the translations for
the application.
High
CVSS: 8.7
A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process w…
Critical
CVSS: 9.8
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
Critical
CVSS: 9.8
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept.
High
CVSS: 7.2
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the und…
Critical
CVSS: 9.1
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticat…
Critical
CVSS: 9.1
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticat…
Critical
CVSS: 9.1
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticat…
Critical
CVSS: 9.1
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an…
Critical
CVSS: 9.1
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an…
Critical
CVSS: 9.1
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an…
Critical
CVSS: 9.1
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an…
Critical
CVSS: 10.0
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthent…
Critical
CVSS: 10.0
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthent…