Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6633 | 1 Tryton | 1 Tryton | 2018-05-22 | 9.0 HIGH | 8.8 HIGH |
| The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. | |||||
| CVE-2014-8888 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 10.0 HIGH | 9.8 CRITICAL |
| The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | |||||
| CVE-2014-3114 | 1 Ezpz-one-click-backup Project | 1 Ezpz-one-click-backup | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. | |||||
| CVE-2014-6120 | 1 Ibm | 2 Rational Appscan Source, Security Appscan Source | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. | |||||
| CVE-2014-4677 | 1 Gpgtools | 1 Libmacgpg | 2018-05-02 | 7.2 HIGH | 7.8 HIGH |
| The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | |||||
| CVE-2016-2397 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2018-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | |||||
| CVE-2016-2396 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2018-03-12 | 9.0 HIGH | 9.9 CRITICAL |
| The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | |||||
| CVE-2016-8523 | 1 Hp | 1 Smart Storage Administrator | 2018-03-05 | 9.0 HIGH | 8.8 HIGH |
| A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found. | |||||
| CVE-2017-1720 | 1 Ibm | 2 Client Application Access, Notes | 2018-03-01 | 4.6 MEDIUM | 5.3 MEDIUM |
| IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807. | |||||
| CVE-2014-1834 | 1 Echor Project | 1 Echor | 2018-02-14 | 4.6 MEDIUM | 7.8 HIGH |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | |||||
| CVE-2016-0324 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2018-01-29 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. | |||||
| CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2018-01-03 | 5.8 MEDIUM | N/A |
| The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2017-8135 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-27 | 8.3 HIGH | 8.8 HIGH |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||
| CVE-2017-12339 | 1 Cisco | 2 Lan Switch Software, Nx-os | 2017-12-16 | 4.6 MEDIUM | 5.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, and Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99925, CSCvf15164, CSCvf15167, CSCvf15170, CSCvf15173. | |||||
| CVE-2017-13071 | 1 Qnap | 2 Qts, Video Station | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier. | |||||
| CVE-2017-2736 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2017-12-11 | 6.5 MEDIUM | 7.2 HIGH |
| VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack. | |||||
| CVE-2017-2719 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-08 | 8.3 HIGH | 8.8 HIGH |
| FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | |||||
| CVE-2017-8188 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-08 | 6.5 MEDIUM | 7.2 HIGH |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution. | |||||
| CVE-2017-8193 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-08 | 7.7 HIGH | 8.0 HIGH |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands. | |||||
| CVE-2017-8197 | 1 Huawei | 1 Fusionsphere | 2017-12-08 | 9.0 HIGH | 7.2 HIGH |
| FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands. | |||||