Total
1735 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6613 | 1 Google | 1 Android | 2024-02-28 | 5.1 MEDIUM | N/A |
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | |||||
CVE-2016-0861 | 1 Ge | 1 Ups Snmp Web Adapter Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2016-0236 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | |||||
CVE-2015-7839 | 1 Solarwinds | 1 Log And Event Manager | 2024-02-28 | 7.5 HIGH | N/A |
SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. | |||||
CVE-2016-2056 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | |||||
CVE-2015-2011 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 9.0 HIGH | N/A |
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
CVE-2015-5011 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-02-28 | 3.2 LOW | N/A |
IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | |||||
CVE-2015-4525 | 1 Emc | 1 Isilon Onefs | 2024-02-28 | 9.0 HIGH | N/A |
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
CVE-2016-1388 | 1 Cisco | 3 Network Analysis Module, Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. | |||||
CVE-2015-0857 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||||
CVE-2016-2332 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. | |||||
CVE-2015-5082 | 1 Endian Firewall | 1 Endian Firewall | 2024-02-28 | 10.0 HIGH | N/A |
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | |||||
CVE-2016-5640 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. | |||||
CVE-2015-1938 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-02-28 | 10.0 HIGH | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. | |||||
CVE-2015-8969 | 1 Squareup | 1 Git-fastclone | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library. | |||||
CVE-2015-1561 | 1 Centreon | 1 Centreon | 2024-02-28 | 6.5 MEDIUM | N/A |
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | |||||
CVE-2015-0538 | 1 Emc | 1 Autostart | 2024-02-28 | 9.3 HIGH | N/A |
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | |||||
CVE-2015-3716 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.4 MEDIUM | N/A |
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | |||||
CVE-2015-8968 | 1 Squareup | 1 Git-fastclone | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | |||||
CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. |