Total
3286 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6370 | 1 Cisco | 1 Firepower Extensible Operating System | 2023-12-10 | 7.2 HIGH | N/A |
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. | |||||
CVE-2016-1142 | 1 Seeds | 1 Acmailer | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2015-7698 | 1 Owncloud | 2 Owncloud, Smb | 2023-12-10 | 9.0 HIGH | N/A |
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | |||||
CVE-2015-7310 | 1 Mcafee | 3 Enterprise Security Manager, Enterprise Security Manager\/log Manager, Enterprise Security Manager\/receiver | 2023-12-10 | 6.5 MEDIUM | N/A |
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file. | |||||
CVE-2016-1320 | 1 Cisco | 1 Prime Collaboration | 2023-12-10 | 6.8 MEDIUM | 6.7 MEDIUM |
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. | |||||
CVE-2016-4965 | 1 Fortinet | 1 Fortiwan | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. | |||||
CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2023-12-10 | 7.5 HIGH | N/A |
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2015-2844 | 1 Goautodial | 1 Goadmin Ce | 2023-12-10 | 10.0 HIGH | N/A |
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | |||||
CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | |||||
CVE-2016-1141 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2023-12-10 | 6.5 MEDIUM | 4.7 MEDIUM |
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2023-12-10 | 10.0 HIGH | N/A |
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | |||||
CVE-2015-7901 | 1 Infinite Automation Systems | 1 Mango Automation | 2023-12-10 | 6.5 MEDIUM | N/A |
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
CVE-2016-1339 | 1 Cisco | 1 Unified Computing System Platform Emulator | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832. | |||||
CVE-2015-4224 | 1 Cisco | 1 Wireless Lan Controller Software | 2023-12-10 | 7.2 HIGH | N/A |
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. | |||||
CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2023-12-10 | 9.0 HIGH | N/A |
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | |||||
CVE-2016-1000216 | 1 Ruckus | 1 Wireless H500 | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Ruckus Wireless H500 web management interface authenticated command injection | |||||
CVE-2015-4279 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 7.2 HIGH | N/A |
The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. | |||||
CVE-2016-6414 | 1 Cisco | 1 Ios | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | |||||
CVE-2016-4853 | 1 Akabei Soft2 | 1 Happy Wardrobe | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. |