Total
789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7841 | 1 Huawei | 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command." | |||||
| CVE-2017-4984 | 1 Emc | 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution. | |||||
| CVE-2017-9980 | 1 Greenpacket | 2 Dx-350, Dx-350 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | |||||
| CVE-2015-2857 | 1 Accellion | 1 File Transfer Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | |||||
| CVE-2017-15940 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 9.0 HIGH | 9.8 CRITICAL |
| The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-9683 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195. | |||||
| CVE-2017-7689 | 1 Schneider-electric | 2 Homelynk Controller Lss100100, Homelynk Controller Lss100100 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | |||||
| CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | |||||
| CVE-2017-2349 | 1 Juniper | 1 Junos | 2025-04-20 | 9.0 HIGH | 9.9 CRITICAL |
| A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30. | |||||
| CVE-2017-4918 | 1 Vmware | 1 Horizon View | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. | |||||
| CVE-2017-7977 | 1 Unicon-software | 1 Elux | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel. | |||||
| CVE-2014-3741 | 1 Node-printer Project | 1 Node-printer | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. | |||||
| CVE-2017-7722 | 1 Solarwinds | 1 Log \& Event Manager | 2025-04-20 | 10.0 HIGH | 10.0 CRITICAL |
| In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell. | |||||
| CVE-2016-1555 | 1 Netgear | 14 Wn604, Wn604 Firmware, Wn802tv2 and 11 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | |||||
| CVE-2016-9684 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. | |||||
| CVE-2016-10194 | 1 Festivaltts4r Project | 1 Festivaltts4r | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. | |||||
| CVE-2016-9682 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. | |||||
| CVE-2015-9059 | 1 Picocom Project | 1 Picocom | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. | |||||
| CVE-2016-10329 | 1 Synology | 1 Photo Station | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | |||||
| CVE-2008-7319 | 1 Net-ping-external Project | 1 Net-ping-external | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used. | |||||