Total
3081 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2024-02-04 | 9.3 HIGH | N/A |
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | |||||
CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2024-02-04 | 7.2 HIGH | N/A |
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | |||||
CVE-2012-3075 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2024-02-04 | 9.0 HIGH | N/A |
The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. | |||||
CVE-2013-5703 | 1 Draytek | 2 Vigor 2700 Router, Vigor 2700 Router Firmware | 2024-02-04 | 6.8 MEDIUM | N/A |
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | |||||
CVE-2012-3074 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2024-02-04 | 8.3 HIGH | N/A |
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. | |||||
CVE-2012-3366 | 1 Anl | 1 Bcfg2 | 2024-02-04 | 9.0 HIGH | N/A |
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server). | |||||
CVE-2012-4075 | 1 Cisco | 1 Nx-os | 2024-02-04 | 7.2 HIGH | N/A |
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. | |||||
CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 10.0 HIGH | N/A |
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. | |||||
CVE-2012-2986 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2024-02-04 | 7.7 HIGH | N/A |
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. | |||||
CVE-2012-3076 | 1 Cisco | 1 Telepresence Recording Server | 2024-02-04 | 9.0 HIGH | N/A |
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. | |||||
CVE-2013-5530 | 1 Cisco | 1 Identity Services Engine Software | 2024-02-04 | 9.0 HIGH | N/A |
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. | |||||
CVE-2013-3578 | 1 Wave | 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk | 2024-02-04 | 9.0 HIGH | N/A |
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands. | |||||
CVE-2013-4457 | 1 Thoughtbot | 1 Cocaine | 2024-02-04 | 6.8 MEDIUM | N/A |
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. | |||||
CVE-2012-2953 | 1 Symantec | 1 Web Gateway | 2024-02-04 | 10.0 HIGH | N/A |
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. | |||||
CVE-2013-7103 | 1 Mcafee | 1 Email Gateway | 2024-02-04 | 9.0 HIGH | N/A |
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | |||||
CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-04 | 10.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | |||||
CVE-2013-4781 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2024-02-04 | 10.0 HIGH | N/A |
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2013-5486 | 1 Cisco | 1 Prime Data Center Network Manager | 2024-02-04 | 10.0 HIGH | N/A |
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality. | |||||
CVE-2014-0659 | 1 Cisco | 6 Rvs4000, Rvs4000 Firmware, Wap4410n and 3 more | 2024-02-04 | 10.0 HIGH | N/A |
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685. | |||||
CVE-2013-3444 | 1 Cisco | 8 Application And Content Networking System Software, Enterprise Content Delivery Network Software, Internet Streamer Content Delivery System and 5 more | 2024-02-04 | 9.0 HIGH | N/A |
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. |