Total
3430 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6602 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138). | |||||
| CVE-2016-10043 | 1 Mrf | 1 Web Panel | 2024-02-04 | 10.0 HIGH | 10.0 CRITICAL |
| An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the application's responses. Attackers could execute unauthorized commands, which could then be used to disable the software, or read, write, and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner (apache user). | |||||
| CVE-2017-7414 | 1 Horde | 1 Groupware | 2024-02-04 | 5.1 MEDIUM | 7.5 HIGH |
| In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. | |||||
| CVE-2017-6361 | 1 Qnap | 1 Qts | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2016-0325 | 1 Ibm | 1 Rational Team Concert | 2024-02-04 | 7.5 HIGH | 6.3 MEDIUM |
| IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2016-5313 | 1 Symantec | 1 Web Gateway | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||||
| CVE-2017-2112 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam\/poe, Ts-ptcam\/poe Firmware and 11 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-6398 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it. | |||||
| CVE-2017-3806 | 1 Cisco | 1 Firepower Threat Defense | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
| A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101). | |||||
| CVE-2017-7413 | 1 Horde | 1 Groupware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. | |||||
| CVE-2017-8799 | 1 Irods | 1 Irods | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell. | |||||
| CVE-2017-8220 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-02-04 | 9.0 HIGH | 9.9 CRITICAL |
| TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | |||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | |||||
| CVE-2016-8721 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-04 | 9.0 HIGH | 9.1 CRITICAL |
| An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. | |||||
| CVE-2016-6147 | 1 Sap | 1 Trex | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||||
| CVE-2015-4237 | 1 Cisco | 38 Mds 9100, Mds 9140, Mds 9500 and 35 more | 2024-02-04 | 4.6 MEDIUM | N/A |
| The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. | |||||
| CVE-2015-5018 | 1 Ibm | 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2024-02-04 | 8.5 HIGH | 8.0 HIGH |
| IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. | |||||
| CVE-2015-8557 | 2 Canonical, Pygments | 2 Ubuntu Linux, Pygments | 2024-02-04 | 9.3 HIGH | 9.0 CRITICAL |
| The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | |||||
| CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2024-02-04 | 7.5 HIGH | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2024-02-04 | 9.0 HIGH | N/A |
| The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | |||||