Total: 1813 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-10075 | 1 Karo Project | 1 Karo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The karo gem 2.3.8 for Ruby allows remote command injection via the host field. | |||||
CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. | |||||
CVE-2013-7418 | 1 Ipcop | 1 Ipcop | 2024-11-21 | 6.5 MEDIUM | N/A |
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | |||||
CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2024-11-21 | 7.5 HIGH | N/A |
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | |||||
CVE-2013-7377 | 1 Codem-transcode Project | 1 Codem-transcode | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe. | |||||
CVE-2013-6924 | 1 Seagate | 2 Blackarmor Nas 220, Blackarmor Nas 220 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | |||||
CVE-2013-4663 | 1 Redmine | 1 Redmine Git Hosting Plugin | 2024-11-21 | 7.5 HIGH | N/A |
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | |||||
CVE-2013-2810 | 1 Emerson | 6 Dl 8000 Remote Terminal Unit, Dl 8000 Remote Terminal Unit Firmware, Roc 800 Remote Terminal Unit and 3 more | 2024-11-21 | 10.0 HIGH | N/A |
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. | |||||
CVE-2013-2516 | 1 Fileutils Project | 1 Fileutils | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
The Fileutils Ruby gem through v0.7 (FileUtils <= v0.7) has a command injection vulnerability in the user-supplied url variable, which is passed to the shell. | |||||
CVE-2013-2513 | 1 Milboj | 1 Flash Tool | 2024-11-21 | N/A | 9.8 CRITICAL |
The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. | |||||
CVE-2012-4086 | 1 Cisco | 1 Unified Computing System | 2024-11-21 | 5.1 MEDIUM | N/A |
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | |||||
CVE-2010-5330 | 1 Ui | 1 Airos | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected. | |||||
CVE-2010-2008 | 3 Canonical, Fedoraproject, Oracle | 3 Ubuntu Linux, Fedora, Mysql | 2024-11-21 | 3.5 LOW | N/A |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. | |||||
CVE-2010-0136 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2024-11-21 | 9.3 HIGH | N/A |
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. | |||||
CVE-2009-5157 | 1 Linksys | 2 Wag54g2, Wag54g2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable. | |||||
CVE-2009-5156 | 1 Veracomp | 2 Asmax Ar-804gu, Asmax Ar-804gu Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string. | |||||
CVE-2008-7319 | 1 Net-ping-external Project | 1 Net-ping-external | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used. | |||||
CVE-2008-7315 | 1 Cpan | 1 Ui\ | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. | |||||
CVE-2008-7313 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. | |||||
CVE-2005-2793 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. |