Total
3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14127 | 1 Technicolor | 2 Td5336, Td5336 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | |||||
CVE-2017-16926 | 1 Ohcount Project | 1 Ohcount | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount. | |||||
CVE-2017-6710 | 1 Cisco | 1 Virtual Network Function Element Manager | 2024-02-28 | 8.5 HIGH | 8.1 HIGH |
A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4. | |||||
CVE-2017-14118 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | |||||
CVE-2017-12243 | 1 Cisco | 9 Firepower 4100 Next-generation Firewall Firmware, Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall and 6 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078. | |||||
CVE-2017-17405 | 3 Debian, Redhat, Ruby-lang | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. | |||||
CVE-2017-1000009 | 1 Akeneo | 1 Product Information Management | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. | |||||
CVE-2016-7806 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-7175 | 1 Nfsen | 1 Nfsen | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). | |||||
CVE-2017-10813 | 1 Corega | 2 Wlr 300 Nm, Wlr 300 Nm Firmware | 2024-02-28 | 7.7 HIGH | 6.8 MEDIUM |
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-14119 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | |||||
CVE-2017-6320 | 1 Barracuda | 1 Load Balancer Adc | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. | |||||
CVE-2017-1253 | 1 Ibm | 1 Security Guardium | 2024-02-28 | 6.5 MEDIUM | 9.9 CRITICAL |
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. | |||||
CVE-2017-11322 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2024-02-28 | 7.2 HIGH | 8.2 HIGH |
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | |||||
CVE-2017-1000473 | 1 Linux-dash Project | 1 Linux-dash | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | |||||
CVE-2017-9483 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands. | |||||
CVE-2015-5958 | 1 Phpfilemanager Project | 1 Phpfilemanager | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | |||||
CVE-2017-14405 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | |||||
CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2024-02-28 | 7.7 HIGH | 6.8 MEDIUM |
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-1000487 | 2 Debian, Plexus-utils Project | 2 Debian Linux, Plexus-utils | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. |