Total: 1517 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2056 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | |||||
CVE-2015-6613 | 1 Google | 1 Android | 2023-12-10 | 5.1 MEDIUM | N/A |
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | |||||
CVE-2016-0236 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | |||||
CVE-2015-0857 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||||
CVE-2015-1815 | 2 Fedoraproject, Selinux | 2 Fedora, Setroubleshoot | 2023-12-10 | 10.0 HIGH | N/A |
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | |||||
CVE-2014-7209 | 1 Debian | 1 Mime-support | 2023-12-10 | 7.5 HIGH | N/A |
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2023-12-10 | 6.8 MEDIUM | N/A |
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | |||||
CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2023-12-10 | 10.0 HIGH | N/A |
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||||
CVE-2014-8990 | 3 Debian, Fedoraproject, Lsyncd Project | 3 Debian Linux, Fedora, Lsyncd | 2023-12-10 | 7.5 HIGH | N/A |
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2014-3556 | 1 F5 | 1 Nginx | 2023-12-10 | 6.8 MEDIUM | N/A |
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
CVE-2014-3524 | 2 Apache, Libreoffice | 2 Openoffice, Libreoffice | 2023-12-10 | 9.3 HIGH | N/A |
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | |||||
CVE-2014-9277 | 1 Mediawiki | 1 Mediawiki | 2023-12-10 | 7.5 HIGH | N/A |
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing `<cross-domain-policy>` in a PHP format request, which causes the string length to change when converting the request to `<NOT-cross-domain-policy>`. | |||||
CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2023-12-10 | 7.5 HIGH | N/A |
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | |||||
CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2023-12-10 | 7.5 HIGH | N/A |
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | |||||
CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2023-12-10 | 6.5 MEDIUM | N/A |
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||||
CVE-2014-6260 | 1 Zenoss | 1 Zenoss Core | 2023-12-10 | 6.8 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. | |||||
CVE-2014-9144 | 1 Technicolor | 1 Td5130 Router Firmware | 2023-12-10 | 7.5 HIGH | N/A |
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||||
CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2023-12-10 | 10.0 HIGH | N/A |
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | |||||
CVE-2014-1905 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2023-12-10 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | |||||
CVE-2014-8517 | 2 Apple, Netbsd | 2 Mac Os X, Netbsd | 2023-12-10 | 7.5 HIGH | N/A |
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a \| (pipe) character at the end of an HTTP redirect. | |||||