Total
1735 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2024-02-28 | 7.5 HIGH | N/A |
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | |||||
CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2024-02-28 | 7.5 HIGH | N/A |
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | |||||
CVE-2014-8515 | 1 Bittorrent | 1 Bittorrent | 2024-02-28 | 6.8 MEDIUM | N/A |
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | |||||
CVE-2015-0225 | 1 Apache | 1 Cassandra | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | |||||
CVE-2014-7285 | 1 Symantec | 1 Web Gateway | 2024-02-28 | 6.5 MEDIUM | N/A |
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. | |||||
CVE-2013-7418 | 1 Ipcop | 1 Ipcop | 2024-02-28 | 6.5 MEDIUM | N/A |
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | |||||
CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2024-02-28 | 6.8 MEDIUM | N/A |
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | |||||
CVE-2014-1905 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2024-02-28 | 10.0 HIGH | N/A |
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | |||||
CVE-2014-3556 | 1 F5 | 1 Nginx | 2024-02-28 | 6.8 MEDIUM | N/A |
The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
CVE-2015-2746 | 1 Websense | 2 Triton, V-series Appliances | 2024-02-28 | 6.5 MEDIUM | N/A |
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | |||||
CVE-2014-9682 | 1 Dns-sync Project | 1 Dns-sync | 2024-02-28 | 10.0 HIGH | N/A |
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | |||||
CVE-2012-4086 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 5.1 MEDIUM | N/A |
A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | |||||
CVE-2010-2008 | 3 Canonical, Fedoraproject, Oracle | 3 Ubuntu Linux, Fedora, Mysql | 2024-02-28 | 3.5 LOW | N/A |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. | |||||
CVE-2010-0136 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2024-02-28 | 9.3 HIGH | N/A |
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. | |||||
CVE-2005-2793 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. |