Total: 1527 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2396 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | |||||
CVE-2015-2011 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 9.0 HIGH | N/A |
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
CVE-2015-4930 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 9.0 HIGH | N/A |
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | |||||
CVE-2015-5003 | 1 Ibm | 1 Tivoli Monitoring | 2023-12-10 | 8.5 HIGH | 8.5 HIGH |
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | |||||
CVE-2015-5190 | 1 Pacemaker/corosync Configuration System Project | 1 Pacemaker/corosync Configuration System | 2023-12-10 | 8.5 HIGH | N/A |
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |||||
CVE-2015-1938 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 10.0 HIGH | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. | |||||
CVE-2015-1986 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 10.0 HIGH | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | |||||
CVE-2015-5474 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2023-12-10 | 9.3 HIGH | N/A |
BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. | |||||
CVE-2016-0861 | 1 Ge | 1 Ups Snmp Web Adapter Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2015-3408 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2023-12-10 | 10.0 HIGH | N/A |
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | |||||
CVE-2016-2002 | 1 Hp | 1 Vertica | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. | |||||
CVE-2015-5011 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2023-12-10 | 3.2 LOW | N/A |
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | |||||
CVE-2015-5080 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2023-12-10 | 9.0 HIGH | N/A |
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | |||||
CVE-2015-5274 | 1 Redhat | 1 Openshift | 2023-12-10 | 6.5 MEDIUM | N/A |
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. | |||||
CVE-2015-5453 | 1 Watchguard | 1 Xcs | 2023-12-10 | 6.5 MEDIUM | N/A |
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | |||||
CVE-2016-0326 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | |||||
CVE-2016-2332 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. | |||||
CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | |||||
CVE-2015-8968 | 1 Squareup | 1 Git-fastclone | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | |||||
CVE-2015-4525 | 1 Emc | 1 Isilon Onefs | 2023-12-10 | 9.0 HIGH | N/A |
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. |