Total
3078 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0887 | 1 Ibm | 1 Lotus Protector For Mail Security | 2024-02-04 | 7.1 HIGH | N/A |
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
CVE-2013-5758 | 1 Yealink | 1 Sip-t38g | 2024-02-04 | 9.0 HIGH | N/A |
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. | |||||
CVE-2015-0525 | 1 Emc | 1 Secure Remote Services | 2024-02-04 | 7.5 HIGH | N/A |
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2014-6434 | 1 Gopro | 2 Gopro Hero, Gopro Hero Firmware | 2024-02-04 | 10.0 HIGH | N/A |
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action. | |||||
CVE-2014-1987 | 1 Cybozu | 1 Garoon | 2024-02-04 | 10.0 HIGH | N/A |
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2014-2874 | 1 Paperthin | 1 Commonspot Content Server | 2024-02-04 | 10.0 HIGH | N/A |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context. | |||||
CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | |||||
CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | |||||
CVE-2013-3576 | 1 Hp | 1 System Management Homepage | 2024-02-04 | 9.0 HIGH | N/A |
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||||
CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | |||||
CVE-2013-1933 | 2 Documentcloud, Ruby-lang | 2 Karteek-docsplit, Ruby | 2024-02-04 | 9.3 HIGH | N/A |
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename. | |||||
CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
CVE-2012-6598 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. | |||||
CVE-2013-5946 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2024-02-04 | 10.0 HIGH | N/A |
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | |||||
CVE-2012-4011 | 1 Cybozu | 1 Kunai | 2024-02-04 | 9.3 HIGH | N/A |
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | |||||
CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2024-02-04 | 6.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | |||||
CVE-2012-4361 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2024-02-04 | 7.7 HIGH | N/A |
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. | |||||
CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2024-02-04 | 9.3 HIGH | N/A |
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | |||||
CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2024-02-04 | 7.2 HIGH | N/A |
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | |||||
CVE-2012-3075 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2024-02-04 | 9.0 HIGH | N/A |
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. |