CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-77

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-22884 77 Sql 2023-01-21 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
2 CVE-2023-22671 77 2023-01-06 2023-01-12
0.0
None ??? ??? ??? ??? ??? ???
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
3 CVE-2023-22496 77 Exec Code 2023-01-14 2023-01-24
0.0
None ??? ??? ??? ??? ??? ???
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.
4 CVE-2023-0315 77 2023-01-16 2023-01-24
0.0
None ??? ??? ??? ??? ??? ???
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
5 CVE-2023-0039 77 Exec Code Bypass 2023-01-03 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator.
6 CVE-2022-48126 77 2023-01-20 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.
7 CVE-2022-48125 77 2023-01-20 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
8 CVE-2022-48124 77 2023-01-20 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
9 CVE-2022-48123 77 2023-01-20 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
10 CVE-2022-48122 77 2023-01-20 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
11 CVE-2022-48121 77 2023-01-20 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
12 CVE-2022-47853 77 2023-01-17 2023-01-25
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to command injection in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.
13 CVE-2022-47210 77 Exec Code 2022-12-16 2022-12-29
0.0
None ??? ??? ??? ??? ??? ???
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.
14 CVE-2022-46642 77 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.
15 CVE-2022-46641 77 2022-12-23 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function.
16 CVE-2022-46634 77 2022-12-15 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function.
17 CVE-2022-46631 77 2022-12-15 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function.
18 CVE-2022-46538 77 2022-12-20 2022-12-24
0.0
None ??? ??? ??? ??? ??? ???
Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.
19 CVE-2022-46476 77 2023-01-19 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
20 CVE-2022-46421 77 2022-12-20 2022-12-30
0.0
None ??? ??? ??? ??? ??? ???
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 5.0.0.
21 CVE-2022-46404 77 2022-12-13 2022-12-27
0.0
None ??? ??? ??? ??? ??? ???
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.
22 CVE-2022-46333 77 Exec Code 2022-12-06 2022-12-09
0.0
None ??? ??? ??? ??? ??? ???
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.
23 CVE-2022-46169 77 Exec Code Bypass 2022-12-05 2022-12-06
0.0
None ??? ??? ??? ??? ??? ???
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database.
If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch.
24 CVE-2022-45996 77 2022-12-12 2022-12-14
0.0
None ??? ??? ??? ??? ??? ???
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
25 CVE-2022-45977 77 2022-12-12 2022-12-14
0.0
None ??? ??? ??? ??? ??? ???
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
26 CVE-2022-45907 77 Exec Code 2022-11-26 2022-11-28
0.0
None ??? ??? ??? ??? ??? ???
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
27 CVE-2022-45796 77 Exec Code 2022-12-16 2022-12-27
0.0
None ??? ??? ??? ??? ??? ???
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.
28 CVE-2022-45717 77 2022-12-23 2023-01-04
0.0
None ??? ??? ??? ??? ??? ???
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request.
29 CVE-2022-45506 77 2022-12-08 2022-12-09
0.0
None ??? ??? ??? ??? ??? ???
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
30 CVE-2022-45497 77 2022-12-08 2022-12-09
0.0
None ??? ??? ??? ??? ??? ???
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
31 CVE-2022-45462 77 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher.
32 CVE-2022-45094 77 Exec Code 2023-01-10 2023-01-14
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component.
33 CVE-2022-45063 77 Exec Code 2022-11-10 2022-12-02
0.0
None ??? ??? ??? ??? ??? ???
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
34 CVE-2022-45043 77 2022-12-12 2022-12-14
0.0
None ??? ??? ??? ??? ??? ???
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
35 CVE-2022-45025 77 2022-12-07 2022-12-08
0.0
None ??? ??? ??? ??? ??? ???
Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.
36 CVE-2022-45005 77 2022-12-13 2022-12-16
0.0
None ??? ??? ??? ??? ??? ???
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.
37 CVE-2022-44930 77 2022-12-02 2022-12-05
0.0
None ??? ??? ??? ??? ??? ???
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
38 CVE-2022-44928 77 2022-12-02 2022-12-05
0.0
None ??? ??? ??? ??? ??? ???
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.
39 CVE-2022-44844 77 2022-11-25 2022-12-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
40 CVE-2022-44843 77 2022-11-25 2022-12-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
41 CVE-2022-44832 77 2022-12-14 2022-12-16
0.0
None ??? ??? ??? ??? ??? ???
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.
42 CVE-2022-44621 77 2022-12-30 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
Diagnosis Controller lacks parameter validation, so users may be attacked by command injection via an HTTP request.
43 CVE-2022-44252 77 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
44 CVE-2022-44251 77 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
45 CVE-2022-44250 77 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
46 CVE-2022-44249 77 2022-11-23 2022-11-26
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
47 CVE-2022-43781 77 Exec Code 2022-11-17 2022-11-18
0.0
None ??? ??? ??? ??? ??? ???
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
48 CVE-2022-43695 77 XSS 2022-11-14 2022-11-17
0.0
None ??? ??? ??? ??? ??? ???
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+.
49 CVE-2022-43538 77 Exec Code 2023-01-05 2023-01-11
0.0
None ??? ??? ??? ??? ??? ???
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
50 CVE-2022-43537 77 Exec Code 2023-01-05 2023-01-11
0.0
None ??? ??? ??? ??? ??? ???
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
Total number of vulnerabilities: 1260 (page 1 of 26)