Total
1517 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8630 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2023-12-10 | 6.5 MEDIUM | N/A |
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. | |||||
CVE-2013-7418 | 1 Ipcop | 1 Ipcop | 2023-12-10 | 6.5 MEDIUM | N/A |
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | |||||
CVE-2013-4663 | 1 Redmine | 1 Redmine Git Hosting Plugin | 2023-12-10 | 7.5 HIGH | N/A |
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | |||||
CVE-2013-2810 | 1 Emerson | 6 Dl 8000 Remote Terminal Unit, Dl 8000 Remote Terminal Unit Firmware, Roc 800 Remote Terminal Unit and 3 more | 2023-12-10 | 10.0 HIGH | N/A |
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. | |||||
CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2023-12-10 | 5.8 MEDIUM | N/A |
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2023-12-10 | 7.5 HIGH | N/A |
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2023-12-10 | 9.3 HIGH | N/A |
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | |||||
CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2023-12-10 | 7.5 HIGH | N/A |
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||||
CVE-2015-2746 | 1 Websense | 2 Triton, V-series Appliances | 2023-12-10 | 6.5 MEDIUM | N/A |
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | |||||
CVE-2014-8515 | 1 Bittorrent | 1 Bittorrent | 2023-12-10 | 6.8 MEDIUM | N/A |
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | |||||
CVE-2014-7285 | 1 Symantec | 1 Web Gateway | 2023-12-10 | 6.5 MEDIUM | N/A |
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. | |||||
CVE-2014-7208 | 1 Gparted | 1 Gparted | 2023-12-10 | 7.2 HIGH | N/A |
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | |||||
CVE-2015-0225 | 1 Apache | 1 Cassandra | 2023-12-10 | 7.5 HIGH | N/A |
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | |||||
CVE-2012-4086 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 5.1 MEDIUM | N/A |
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | |||||
CVE-2010-0136 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2023-12-10 | 9.3 HIGH | N/A |
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. | |||||
CVE-2010-2008 | 3 Canonical, Fedoraproject, Oracle | 3 Ubuntu Linux, Fedora, Mysql | 2023-12-10 | 3.5 LOW | N/A |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. | |||||
CVE-2005-2793 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. |