Total
2452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3366 | 1 Anl | 1 Bcfg2 | 2017-08-28 | 9.0 HIGH | N/A |
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server). | |||||
CVE-2011-2148 | 1 Smartertools | 1 Smarterstats | 2017-08-28 | 10.0 HIGH | N/A |
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an "OS command injection" issue. | |||||
CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2017-08-25 | 7.7 HIGH | 6.8 MEDIUM |
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-6710 | 1 Cisco | 1 Virtual Network Function Element Manager | 2017-08-25 | 8.5 HIGH | 8.1 HIGH |
A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4. | |||||
CVE-2011-1513 | 1 E107 | 1 E107 | 2017-08-16 | 7.5 HIGH | N/A |
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name. | |||||
CVE-2011-0381 | 1 Cisco | 1 Telepresence Manager | 2017-08-16 | 10.0 HIGH | N/A |
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. | |||||
CVE-2011-0271 | 1 Hp | 1 Openview Network Node Manager | 2017-08-16 | 10.0 HIGH | N/A |
The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | |||||
CVE-2010-1132 | 1 Georg Greve | 1 Spamassassin Milter Plugin | 2017-08-16 | 9.3 HIGH | N/A |
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. | |||||
CVE-2009-4025 | 1 Pear | 1 Pear | 2017-08-16 | 10.0 HIGH | N/A |
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-4644 | 1 Accellion | 1 Secure File Transfer Appliance | 2017-08-16 | 9.0 HIGH | N/A |
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. | |||||
CVE-2009-0854 | 1 Dash | 1 Dash | 2017-08-16 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | |||||
CVE-2009-0848 | 1 Opensuse | 1 Opensuse | 2017-08-16 | 4.4 MEDIUM | N/A |
Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." | |||||
CVE-2008-7158 | 1 Numarasoftware | 1 Footprints | 2017-08-16 | 10.0 HIGH | N/A |
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-7125 | 1 Ariadne-cms | 1 Ariadne Cms | 2017-08-16 | 9.0 HIGH | N/A |
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information. | |||||
CVE-2016-1468 | 1 Cisco | 1 Telepresence Video Communication Server | 2017-08-15 | 6.5 MEDIUM | 8.8 HIGH |
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | |||||
CVE-2016-9091 | 1 Bluecoat | 2 Advanced Secure Gateway, Content Analysis System Software | 2017-08-15 | 9.0 HIGH | 7.2 HIGH |
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. | |||||
CVE-2017-12581 | 1 Electron | 1 Electron | 2017-08-14 | 9.3 HIGH | 8.1 HIGH |
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call. | |||||
CVE-2017-2281 | 1 Iodata | 2 Wn-ax1167gr, Wn-ax1167gr Firmware | 2017-08-08 | 8.3 HIGH | 8.8 HIGH |
WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2008-4304 | 1 Phpcollab | 1 Phpcollab | 2017-08-07 | 10.0 HIGH | N/A |
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells. | |||||
CVE-2008-3076 | 1 Vim | 1 Vim | 2017-08-07 | 9.3 HIGH | N/A |
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. |