Total
3200 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1423 | 1 Oracle | 2 Jdk, Jre | 2023-12-10 | 9.3 HIGH | N/A |
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-0373 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2023-12-10 | 9.0 HIGH | N/A |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. | |||||
CVE-2011-0382 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2023-12-10 | 10.0 HIGH | N/A |
The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221. | |||||
CVE-2010-3757 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 10.0 HIGH | N/A |
Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059. | |||||
CVE-2010-3754 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 10.0 HIGH | N/A |
The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059. | |||||
CVE-2011-1904 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2023-12-10 | 7.5 HIGH | N/A |
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. | |||||
CVE-2011-4502 | 4 Canyon-tech, Edimax, Sitecom and 1 more | 12 Cn-wf512, Cn-wf512 Router Firmware, Cn-wf514 and 9 more | 2023-12-10 | 10.0 HIGH | N/A |
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2010-3039 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.8 MEDIUM | N/A |
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. | |||||
CVE-2010-3752 | 1 Xelerance | 1 Openswan | 2023-12-10 | 6.5 MEDIUM | N/A |
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. | |||||
CVE-2010-0418 | 1 Chumby | 2 Chumby Classic, Chumby One | 2023-12-10 | 10.0 HIGH | N/A |
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | |||||
CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2023-12-10 | 6.8 MEDIUM | N/A |
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2010-1132 | 1 Georg Greve | 1 Spamassassin Milter Plugin | 2023-12-10 | 9.3 HIGH | N/A |
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. | |||||
CVE-2011-0374 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2023-12-10 | 9.0 HIGH | N/A |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. | |||||
CVE-2010-4278 | 1 Artica | 1 Pandora Fms | 2023-12-10 | 9.0 HIGH | N/A |
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | |||||
CVE-2011-0456 | 1 Otrs | 1 Otrs | 2023-12-10 | 7.5 HIGH | N/A |
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
CVE-2011-1513 | 1 E107 | 1 E107 | 2023-12-10 | 7.5 HIGH | N/A |
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name. | |||||
CVE-2011-0378 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2023-12-10 | 8.3 HIGH | N/A |
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. | |||||
CVE-2009-4644 | 1 Accellion | 1 Secure File Transfer Appliance | 2023-12-10 | 9.0 HIGH | N/A |
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. | |||||
CVE-2011-0381 | 1 Cisco | 1 Telepresence Manager | 2023-12-10 | 10.0 HIGH | N/A |
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. | |||||
CVE-2010-1885 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2023-12-10 | 9.3 HIGH | N/A |
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." |