Total
1367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5003 | 1 Ibm | 1 Tivoli Monitoring | 2024-02-04 | 8.5 HIGH | 8.5 HIGH |
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | |||||
CVE-2015-4336 | 1 Xcloner | 1 Xcloner | 2024-02-04 | 6.5 MEDIUM | N/A |
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file. | |||||
CVE-2015-8968 | 1 Squareup | 1 Git-fastclone | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | |||||
CVE-2015-1949 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-02-04 | 10.0 HIGH | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | |||||
CVE-2015-1561 | 1 Centreon | 1 Centreon | 2024-02-04 | 6.5 MEDIUM | N/A |
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | |||||
CVE-2015-5190 | 1 Pacemaker\/corosync Configuration System Project | 1 Pacemaker\/corosync Configuration System | 2024-02-04 | 8.5 HIGH | N/A |
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |||||
CVE-2015-4930 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-04 | 9.0 HIGH | N/A |
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | |||||
CVE-2016-2056 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | |||||
CVE-2015-6547 | 1 Symantec | 1 Web Gateway | 2024-02-04 | 8.3 HIGH | N/A |
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | |||||
CVE-2014-8990 | 3 Debian, Fedoraproject, Lsyncd Project | 3 Debian Linux, Fedora, Lsyncd | 2024-02-04 | 7.5 HIGH | N/A |
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2014-8517 | 2 Apple, Netbsd | 2 Mac Os X, Netbsd | 2024-02-04 | 7.5 HIGH | N/A |
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | |||||
CVE-2014-7208 | 1 Gparted | 1 Gparted | 2024-02-04 | 7.2 HIGH | N/A |
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | |||||
CVE-2014-9144 | 1 Technicolor | 1 Td5130 Router Firmware | 2024-02-04 | 7.5 HIGH | N/A |
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||||
CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2024-02-04 | 7.5 HIGH | N/A |
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | |||||
CVE-2014-3556 | 1 F5 | 1 Nginx | 2024-02-04 | 6.8 MEDIUM | N/A |
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
CVE-2015-2746 | 1 Websense | 2 Triton, V-series Appliances | 2024-02-04 | 6.5 MEDIUM | N/A |
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | |||||
CVE-2015-0225 | 1 Apache | 1 Cassandra | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | |||||
CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2024-02-04 | 9.3 HIGH | N/A |
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | |||||
CVE-2013-7418 | 1 Ipcop | 1 Ipcop | 2024-02-04 | 6.5 MEDIUM | N/A |
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | |||||
CVE-2014-6260 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 6.8 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. |