Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2578 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2013-10-15 | 10.0 HIGH | N/A |
| cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. | |||||
| CVE-2013-4983 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2013-10-09 | 10.0 HIGH | N/A |
| The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | |||||
| CVE-2013-4781 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-21 | 10.0 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-3578 | 1 Wave | 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk | 2013-07-15 | 9.0 HIGH | N/A |
| SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands. | |||||
| CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2013-04-30 | 9.3 HIGH | N/A |
| kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | |||||
| CVE-2012-4177 | 1 Ubi | 1 Uplay Pc | 2013-04-01 | 10.0 HIGH | N/A |
| The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument. | |||||
| CVE-2012-3001 | 1 Mutiny | 1 Standard | 2013-03-01 | 8.5 HIGH | N/A |
| Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." | |||||
| CVE-2013-0804 | 1 Novell | 1 Groupwise | 2013-02-24 | 10.0 HIGH | N/A |
| The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. | |||||
| CVE-2011-4502 | 4 Canyon-tech, Edimax, Sitecom and 1 more | 12 Cn-wf512, Cn-wf512 Router Firmware, Cn-wf514 and 9 more | 2013-01-23 | 10.0 HIGH | N/A |
| The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2012-4011 | 1 Cybozu | 1 Kunai | 2012-09-16 | 9.3 HIGH | N/A |
| The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | |||||
| CVE-2012-4361 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2012-08-20 | 7.7 HIGH | N/A |
| lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. | |||||
| CVE-2012-2986 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2012-08-20 | 7.7 HIGH | N/A |
| lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. | |||||
| CVE-2012-2516 | 1 Ge | 5 Intelligent Platforms Proficy Batch Execution, Intelligent Platforms Proficy Historian, Intelligent Platforms Proficy Hmi\/scada Ifix and 2 more | 2012-07-16 | 9.3 HIGH | N/A |
| An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." | |||||
| CVE-2012-2607 | 1 Johnsoncontrols | 2 Network Controller, Network Controller Firmware | 2012-07-16 | 7.5 HIGH | N/A |
| The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | |||||
| CVE-2012-3076 | 1 Cisco | 1 Telepresence Recording Server | 2012-07-12 | 9.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. | |||||
| CVE-2012-3075 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2012-07-12 | 9.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. | |||||
| CVE-2011-4002 | 1 Mawashimono | 1 Nikki | 2011-12-13 | 7.5 HIGH | N/A |
| HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
| CVE-2011-0456 | 1 Otrs | 1 Otrs | 2011-08-25 | 7.5 HIGH | N/A |
| webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
| CVE-2011-1904 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-30 | 7.5 HIGH | N/A |
| An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. | |||||
| CVE-2011-0382 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2011-04-08 | 10.0 HIGH | N/A |
| The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221. | |||||