Total: 1527 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6183 | 1 Sophos | 1 Web Appliance | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. | |||||
CVE-2016-9835 | 1 Zikula | 1 Zikula Application Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | |||||
CVE-2014-5008 | 3 Debian, Redhat, Snoopy | 3 Debian Linux, Openstack, Snoopy | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Snoopy allows remote attackers to execute arbitrary commands. | |||||
CVE-2017-6048 | 1 Satel-iberia | 3 Sennet Multitask Meter, Sennet Optimal Datalogger, Sennet Solar Datalogger | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system. | |||||
CVE-2014-9114 | 3 Fedoraproject, Kernel, Opensuse | 3 Fedora, Util-linux, Opensuse | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | |||||
CVE-2016-10107 | 1 Western Digital | 1 Mycloud Nas | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | |||||
CVE-2016-10312 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages. | |||||
CVE-2015-4046 | 1 Alienvault | 1 Open Source Security Information Management | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | |||||
CVE-2015-8988 | 1 Mcafee | 1 Epo Deep Command | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. | |||||
CVE-2016-10322 | 1 Synology | 1 Photo Station | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | |||||
CVE-2016-9684 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. | |||||
CVE-2016-6609 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6656 | 1 Pivotal Software | 1 Greenplum | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table. | |||||
CVE-2016-10182 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. | |||||
CVE-2017-6650 | 1 Cisco | 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. | |||||
CVE-2016-1555 | 1 Netgear | 14 Wn604, Wn604 Firmware, Wn802tv2 and 11 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | |||||
CVE-2016-1000156 | 1 Mailcwp Project | 1 Mailcwp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Mailcwp remote file upload vulnerability incomplete fix v1.100 | |||||
CVE-2016-4929 | 1 Juniper | 1 Junos Space | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | |||||
CVE-2016-9554 | 1 Sophos | 1 Web Appliance | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account. | |||||
CVE-2017-7722 | 1 Solarwinds | 1 Log & Event Manager | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell. |