Total
3429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16666 | 1 Xplico | 1 Xplico | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature. | |||||
| CVE-2017-16641 | 1 Cacti | 1 Cacti | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | |||||
| CVE-2017-11321 | 1 Ucopia | 1 Wireless Appliance | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | |||||
| CVE-2015-3431 | 1 Pydio | 1 Pydio | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | |||||
| CVE-2017-2843 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-1000009 | 1 Akeneo | 1 Product Information Management | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. | |||||
| CVE-2017-14118 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | |||||
| CVE-2017-17458 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. | |||||
| CVE-2017-17055 | 1 Articatech | 1 Artica Proxy | 2024-02-04 | 8.5 HIGH | 9.0 CRITICAL |
| Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | |||||
| CVE-2017-15924 | 2 Debian, Shadowsocks | 2 Debian Linux, Shadowsocks-libev | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | |||||
| CVE-2017-6683 | 1 Cisco | 1 Elastic Services Controller | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-16921 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. | |||||
| CVE-2017-2844 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-1000215 | 1 Xrootd | 1 Xrootd | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution | |||||
| CVE-2017-2185 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2024-02-04 | 5.2 MEDIUM | 8.8 HIGH |
| HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | |||||
| CVE-2017-1000220 | 1 Pidusage Project | 1 Pidusage | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution | |||||
| CVE-2017-14705 | 1 Denyall | 2 I-suite, Web Application Firewall | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
| DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | |||||
| CVE-2017-15049 | 1 Zoom | 1 Zoom | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | |||||
| CVE-2017-2847 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-14405 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | |||||