| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in ngpsystemcmd.php in which the http parameters "x_modules" and "y_modules" are not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. |
| The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameter "locking" is not properly handled. The NDN-210 is part of Barco TransForm N solution and this vulnerability is patched from TransForm N version 3.8 onwards. |
| Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An issue exists in split_card_cmd.php in which the http parameters xmodules, ymodules and savelocking are not properly handled. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. |
| Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection issue that will result in unauthenticated remote code execution in the username and password fields of the logon prompt. The NDN-210 is part of Barco TransForm N solution and includes the patch from TransForm N version 3.8 onwards. |
| A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources |
| SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. |
| USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069. |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| HEVC Video Extensions Remote Code Execution Vulnerability |
| AV1 Video Extension Remote Code Execution Vulnerability |
| Visual Studio Code JSHint Extension Remote Code Execution Vulnerability |
| HEIF Image Extensions Remote Code Execution Vulnerability |
| Microsoft Teams Remote Code Execution Vulnerability |
| Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server Remote Code Execution Vulnerability |
| Raw Image Extension Remote Code Execution Vulnerability |
