Total
1527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | |||||
| CVE-2017-2324 | 1 Juniper | 1 Northstar Controller | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. | |||||
| CVE-2017-5675 | 1 Embedthis | 1 Goahead | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. | |||||
| CVE-2016-10329 | 1 Synology | 1 Photo Station | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | |||||
| CVE-2015-6024 | 1 Netcommwireless | 2 Hspa 3g10wve, Hspa 3g10wve Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. | |||||
| CVE-2017-7689 | 1 Schneider-electric | 2 Homelynk Controller Lss100100, Homelynk Controller Lss100100 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | |||||
| CVE-2016-4445 | 2 Redhat, Setroubleshoot Project | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
| The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. | |||||
| CVE-2016-9682 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. | |||||
| CVE-2016-5065 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | |||||
| CVE-2015-6547 | 1 Symantec | 1 Web Gateway | 2023-12-10 | 8.3 HIGH | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | |||||
| CVE-2015-4974 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2023-12-10 | 7.2 HIGH | N/A |
| IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | |||||
| CVE-2015-5082 | 1 Endian Firewall | 1 Endian Firewall | 2023-12-10 | 10.0 HIGH | N/A |
| Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | |||||
| CVE-2016-4822 | 1 Corega | 2 Cg-wlbargnl, Cg-wlbargnl Firmware | 2023-12-10 | 5.2 MEDIUM | 8.0 HIGH |
| Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2016-3081 | 2 Apache, Oracle | 2 Struts, Siebel E-billing | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
| Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. | |||||
| CVE-2015-1949 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 10.0 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | |||||
| CVE-2015-7839 | 1 Solarwinds | 1 Log And Event Manager | 2023-12-10 | 7.5 HIGH | N/A |
| SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. | |||||
| CVE-2015-7541 | 1 Colorscore Project | 1 Colorscore | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
| The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable. | |||||
| CVE-2015-1561 | 1 Centreon | 1 Centreon | 2023-12-10 | 6.5 MEDIUM | N/A |
| The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | |||||
| CVE-2016-0328 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | |||||
| CVE-2015-5349 | 1 Apache | 2 Directory Studio, Ldap Studio | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet. | |||||