Total
2370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4525 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | 9.0 HIGH | N/A |
| The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
| CVE-2015-5474 | 2 Bittorrent, Utorrent | 2 Bittorrent, Utorrent | 2025-04-12 | 9.3 HIGH | N/A |
| BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. | |||||
| CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2025-04-12 | 6.5 MEDIUM | N/A |
| Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||||
| CVE-2016-7399 | 1 Veritas | 2 Netbackup Appliance, Netbackup Appliance Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | |||||
| CVE-2015-1815 | 2 Fedoraproject, Selinux | 2 Fedora, Setroubleshoot | 2025-04-12 | 10.0 HIGH | N/A |
| The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | |||||
| CVE-2014-9277 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 7.5 HIGH | N/A |
| The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. | |||||
| CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | |||||
| CVE-2015-5003 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-12 | 8.5 HIGH | 8.5 HIGH |
| The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | |||||
| CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2025-04-12 | 5.8 MEDIUM | N/A |
| The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2015-4336 | 1 Xcloner | 1 Xcloner | 2025-04-12 | 6.5 MEDIUM | N/A |
| cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file. | |||||
| CVE-2015-8968 | 1 Squareup | 1 Git-fastclone | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | |||||
| CVE-2015-1949 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 10.0 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | |||||
| CVE-2015-3441 | 1 Genexia | 1 Drgos | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter. | |||||
| CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||||
| CVE-2015-1561 | 1 Centreon | 1 Centreon | 2025-04-12 | 6.5 MEDIUM | N/A |
| The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | |||||
| CVE-2015-5190 | 1 Pacemaker\/corosync Configuration System Project | 1 Pacemaker\/corosync Configuration System | 2025-04-12 | 8.5 HIGH | N/A |
| The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |||||
| CVE-2014-8515 | 1 Bittorrent | 1 Bittorrent | 2025-04-12 | 6.8 MEDIUM | N/A |
| The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | |||||
| CVE-2016-1000156 | 1 Mailcwp Project | 1 Mailcwp | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Mailcwp remote file upload vulnerability incomplete fix v1.100 | |||||
| CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2025-04-12 | 7.5 HIGH | N/A |
| The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2015-4930 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 9.0 HIGH | N/A |
| IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | |||||