Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-23 | CVE-2023-49213 | Command Injection vulnerability in Ironmansoftware Powershell Universal The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. | 8.8 |
| 2023-11-23 | CVE-2023-49210 | Command Injection vulnerability in Node-Openssl Project Node-Openssl 1.0.2 The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). | 9.8 |
| 2023-11-14 | CVE-2023-45625 | Command Injection vulnerability in multiple products Multiple authenticated command injection vulnerabilities exist in the command line interface. | 7.2 |
| 2023-11-14 | CVE-2023-42326 | Command Injection vulnerability in Netgate Pfsense and Pfsense Plus An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 8.8 |
| 2023-11-06 | CVE-2023-47253 | Command Injection vulnerability in Qualitor Qalitor Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | 9.8 |
| 2023-11-01 | CVE-2023-20219 | Command Injection vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |
| 2023-11-01 | CVE-2023-20220 | Command Injection vulnerability in Cisco Secure Firewall Management Center Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 8.8 |
| 2023-10-31 | CVE-2023-46484 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | 9.8 |
| 2023-10-31 | CVE-2023-46485 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | 9.8 |
| 2023-10-31 | CVE-2023-46993 | Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | 9.8 |