Total
2452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11318 | 1 Cobiansoft | 1 Cobian Backup | 2017-08-07 | 6.8 MEDIUM | 8.1 HIGH |
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | |||||
CVE-2016-7844 | 1 Gigaccsecure | 1 Gigacc Office | 2017-08-03 | 6.0 MEDIUM | 5.5 MEDIUM |
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. | |||||
CVE-2016-6414 | 1 Cisco | 1 Ios | 2017-07-29 | 7.2 HIGH | 7.8 HIGH |
iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | |||||
CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2017-07-29 | 9.0 HIGH | 7.2 HIGH |
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
CVE-2016-1482 | 1 Cisco | 1 Webex Meetings Server | 2017-07-29 | 9.3 HIGH | 8.1 HIGH |
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. | |||||
CVE-2016-6459 | 1 Cisco | 1 Telepresence Tc Software | 2017-07-28 | 4.9 MEDIUM | 5.5 MEDIUM |
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. | |||||
CVE-2007-4673 | 1 Apple | 1 Quicktime | 2017-07-28 | 9.3 HIGH | N/A |
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. | |||||
CVE-2004-2732 | 1 Netbilling | 1 Netbilling | 2017-07-28 | 4.3 MEDIUM | N/A |
nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key. | |||||
CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2017-07-28 | 7.5 HIGH | N/A |
The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | |||||
CVE-2017-1318 | 1 Ibm | 1 Mq Appliance | 2017-07-28 | 9.0 HIGH | 8.8 HIGH |
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | |||||
CVE-2017-2275 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2017-07-26 | 9.0 HIGH | 7.2 HIGH |
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-3796 | 1 Cisco | 1 Webex Meetings Server | 2017-07-25 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. | |||||
CVE-2017-1253 | 1 Ibm | 1 Security Guardium | 2017-07-17 | 6.5 MEDIUM | 9.9 CRITICAL |
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. | |||||
CVE-2017-2185 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2017-07-14 | 5.2 MEDIUM | 8.8 HIGH |
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | |||||
CVE-2017-2183 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2017-07-14 | 5.2 MEDIUM | 8.0 HIGH |
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | |||||
CVE-2017-2237 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2017-07-14 | 10.0 HIGH | 9.8 CRITICAL |
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-7175 | 1 Nfsen | 1 Nfsen | 2017-07-13 | 9.0 HIGH | 9.9 CRITICAL |
NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). | |||||
CVE-2017-6597 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2017-07-11 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). | |||||
CVE-2017-6606 | 1 Cisco | 1 Ios Xe | 2017-07-11 | 6.9 MEDIUM | 6.4 MEDIUM |
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. | |||||
CVE-2002-1660 | 1 Jelsoft | 1 Vbulletin | 2017-07-10 | 7.5 HIGH | N/A |
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. |