Total
3429 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7125 | 1 Ariadne-cms | 1 Ariadne Cms | 2024-02-04 | 9.0 HIGH | N/A |
| pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1916 | 1 Gscripts | 1 Dns Tools | 2024-02-04 | 10.0 HIGH | N/A |
| dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter. | |||||
| CVE-2009-0854 | 1 Dash | 1 Dash | 2024-02-04 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | |||||
| CVE-2008-6669 | 1 Dirk Bartley | 1 Nweb2fax | 2024-02-04 | 7.5 HIGH | N/A |
| viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action. | |||||
| CVE-2008-3076 | 1 Vim | 1 Vim | 2024-02-04 | 9.3 HIGH | N/A |
| The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. | |||||
| CVE-2009-3233 | 1 Cameron Morland | 1 Changetrack | 2024-02-04 | 7.2 HIGH | N/A |
| changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack. | |||||
| CVE-2009-2288 | 1 Nagios | 1 Nagios | 2024-02-04 | 7.5 HIGH | N/A |
| statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | |||||
| CVE-2008-5718 | 1 Netatalk | 1 Netatalk | 2024-02-04 | 9.3 HIGH | N/A |
| The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title. | |||||
| CVE-2008-6554 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2024-02-04 | 10.0 HIGH | N/A |
| cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | |||||
| CVE-2009-1792 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2024-02-04 | 9.3 HIGH | N/A |
| The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). | |||||
| CVE-2008-7158 | 1 Numarasoftware | 1 Footprints | 2024-02-04 | 10.0 HIGH | N/A |
| Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5516 | 3 Git, Git-scm, Rpath | 3 Git, Git, Linux | 2024-02-04 | 7.5 HIGH | N/A |
| The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. | |||||
| CVE-2008-2475 | 1 Ebay | 1 Enhanced Picture Uploader Activex Control | 2024-02-04 | 9.3 HIGH | N/A |
| eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property. | |||||
| CVE-2007-4560 | 1 Clam Anti-virus | 1 Clamav | 2024-02-04 | 7.6 HIGH | N/A |
| clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." | |||||
| CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||
| CVE-2007-5322 | 1 Microsoft | 1 Visual Foxpro | 2024-02-04 | 7.5 HIGH | N/A |
| Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function. | |||||
| CVE-2007-4673 | 1 Apple | 1 Quicktime | 2024-02-04 | 9.3 HIGH | N/A |
| Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. | |||||
| CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2024-02-04 | 7.5 HIGH | N/A |
| The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | |||||
| CVE-2007-4891 | 1 Microsoft | 1 Visual Studio | 2024-02-04 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell. | |||||
| CVE-2008-1115 | 1 Sun | 1 Solaris | 2024-02-04 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. | |||||