Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-01 | CVE-2023-43455 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.652B20230116/9.4.0Cu.852B20230719 An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | 9.8 |
| 2023-11-30 | CVE-2023-6071 | Command Injection vulnerability in Trellix Enterprise Security Manager 11.6.8 An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. | 7.2 |
| 2023-11-27 | CVE-2023-49040 | Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.1 An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. | 9.8 |
| 2023-11-23 | CVE-2023-49213 | Command Injection vulnerability in Ironmansoftware Powershell Universal The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. | 8.8 |
| 2023-11-23 | CVE-2023-49210 | Command Injection vulnerability in Node-Openssl Project Node-Openssl 1.0.2 The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). | 9.8 |
| 2023-11-14 | CVE-2023-45625 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the command line interface. | 7.2 |
| 2023-11-14 | CVE-2023-42326 | Command Injection vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 8.8 |
| 2023-11-06 | CVE-2023-47253 | Command Injection vulnerability in Qualitor Qalitor Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | 9.8 |
| 2023-11-01 | CVE-2023-20219 | Command Injection vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |
| 2023-11-01 | CVE-2023-20220 | Command Injection vulnerability in Cisco Firepower Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |