Total
2378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0225 | 1 Apache | 1 Cassandra | 2025-04-12 | 7.5 HIGH | N/A |
| The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | |||||
| CVE-2015-3408 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2025-04-12 | 10.0 HIGH | N/A |
| Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | |||||
| CVE-2015-5011 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | 3.2 LOW | N/A |
| IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | |||||
| CVE-2016-4822 | 1 Corega | 2 Cg-wlbargl, Cg-wlbargl Firmware | 2025-04-12 | 5.2 MEDIUM | 8.0 HIGH |
| Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2025-04-12 | 9.3 HIGH | N/A |
| BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | |||||
| CVE-2015-5080 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-12 | 9.0 HIGH | N/A |
| The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | |||||
| CVE-2016-3081 | 2 Apache, Oracle | 2 Struts, Siebel E-billing | 2025-04-12 | 9.3 HIGH | 8.1 HIGH |
| Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. | |||||
| CVE-2015-8969 | 1 Squareup | 1 Git-fastclone | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library. | |||||
| CVE-2013-7418 | 1 Ipcop | 1 Ipcop | 2025-04-12 | 6.5 MEDIUM | N/A |
| cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | |||||
| CVE-2015-7839 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-12 | 7.5 HIGH | N/A |
| SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. | |||||
| CVE-2014-6260 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 6.8 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. | |||||
| CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2025-04-12 | 7.5 HIGH | N/A |
| The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||||
| CVE-2015-3716 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.4 MEDIUM | N/A |
| Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | |||||
| CVE-2014-7285 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 6.5 MEDIUM | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. | |||||
| CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2025-04-12 | 10.0 HIGH | N/A |
| The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | |||||
| CVE-2015-7541 | 1 Colorscore Project | 1 Colorscore | 2025-04-12 | 10.0 HIGH | 10.0 CRITICAL |
| The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable. | |||||
| CVE-2016-0326 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | |||||
| CVE-2015-5082 | 1 Endian Firewall | 1 Endian Firewall | 2025-04-12 | 10.0 HIGH | N/A |
| Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | |||||
| CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2025-04-12 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | |||||
| CVE-2015-1986 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 10.0 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | |||||