Total
3272 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2953 | 1 Symantec | 1 Web Gateway | 2023-12-10 | 10.0 HIGH | N/A |
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. | |||||
CVE-2012-3075 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2023-12-10 | 9.0 HIGH | N/A |
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. | |||||
CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | |||||
CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | |||||
CVE-2013-5946 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2023-12-10 | 10.0 HIGH | N/A |
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | |||||
CVE-2013-3576 | 1 Hp | 1 System Management Homepage | 2023-12-10 | 9.0 HIGH | N/A |
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||||
CVE-2013-4983 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2023-12-10 | 10.0 HIGH | N/A |
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | |||||
CVE-2012-3076 | 1 Cisco | 1 Telepresence Recording Server | 2023-12-10 | 9.0 HIGH | N/A |
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. | |||||
CVE-2013-3444 | 1 Cisco | 8 Application And Content Networking System Software, Enterprise Content Delivery Network Software, Internet Streamer Content Delivery System and 5 more | 2023-12-10 | 9.0 HIGH | N/A |
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. | |||||
CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | |||||
CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | |||||
CVE-2013-5486 | 1 Cisco | 1 Prime Data Center Network Manager | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality. | |||||
CVE-2012-2986 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2023-12-10 | 7.7 HIGH | N/A |
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. | |||||
CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | |||||
CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2023-12-10 | 7.2 HIGH | N/A |
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | |||||
CVE-2013-5703 | 1 Draytek | 2 Vigor 2700 Router, Vigor 2700 Router Firmware | 2023-12-10 | 6.8 MEDIUM | N/A |
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | |||||
CVE-2012-2516 | 1 Ge | 5 Intelligent Platforms Proficy Batch Execution, Intelligent Platforms Proficy Historian, Intelligent Platforms Proficy Hmi\/scada Ifix and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." | |||||
CVE-2013-5530 | 1 Cisco | 1 Identity Services Engine Software | 2023-12-10 | 9.0 HIGH | N/A |
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. | |||||
CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | |||||
CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 10.0 HIGH | N/A |
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. |