Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3716 | 1 Apple | 1 Mac Os X | 2017-09-21 | 4.4 MEDIUM | N/A |
| Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | |||||
| CVE-2015-3678 | 1 Apple | 1 Mac Os X | 2017-09-21 | 7.2 HIGH | N/A |
| AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. | |||||
| CVE-2017-1352 | 1 Ibm | 1 Maximo Asset Management | 2017-09-21 | 6.0 MEDIUM | 5.5 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538. | |||||
| CVE-2016-0861 | 1 Ge | 1 Ups Snmp Web Adapter Firmware | 2017-09-09 | 9.0 HIGH | 8.8 HIGH |
| General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2017-09-07 | 7.5 HIGH | N/A |
| canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | |||||
| CVE-2014-7209 | 1 Debian | 1 Mime-support | 2017-09-07 | 7.5 HIGH | N/A |
| run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2014-5009 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2017-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | |||||
| CVE-2013-2810 | 1 Emerson | 6 Dl 8000 Remote Terminal Unit, Dl 8000 Remote Terminal Unit Firmware, Roc 800 Remote Terminal Unit and 3 more | 2017-08-28 | 10.0 HIGH | N/A |
| Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. | |||||
| CVE-2012-4086 | 1 Cisco | 1 Unified Computing System | 2017-08-28 | 5.1 MEDIUM | N/A |
| A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | |||||
| CVE-2017-12756 | 1 Extplorer | 1 Extplorer | 2017-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter. | |||||
| CVE-2014-8903 | 1 Ibm | 1 Curam Social Program Management | 2017-08-14 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | |||||
| CVE-2017-11391 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2017-08-07 | 6.5 MEDIUM | 8.8 HIGH |
| Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. | |||||
| CVE-2017-11392 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. | |||||
| CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2017-07-29 | 7.2 HIGH | 7.8 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | |||||
| CVE-2016-7399 | 1 Veritas | 2 Netbackup Appliance, Netbackup Appliance Firmware | 2017-07-26 | 10.0 HIGH | 9.8 CRITICAL |
| scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | |||||
| CVE-2016-9873 | 1 Emc | 1 Documentum D2 | 2017-07-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application. | |||||
| CVE-2017-9980 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2017-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | |||||
| CVE-2017-4054 | 1 Mcafee | 1 Advanced Threat Defense | 2017-07-17 | 6.5 MEDIUM | 8.8 HIGH |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. | |||||
| CVE-2017-4918 | 1 Vmware | 1 Horizon View | 2017-07-07 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. | |||||
| CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2017-06-30 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | |||||