Total
3851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | |||||
| CVE-2015-3431 | 1 Pydio | 1 Pydio | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | |||||
| CVE-2015-2980 | 1 Yodobashi | 1 Yodobashi | 2024-11-21 | 6.8 MEDIUM | N/A |
| The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document. | |||||
| CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2024-11-21 | 7.5 HIGH | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-2955 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2024-11-21 | 7.5 HIGH | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-2845 | 1 Goautodial | 1 Goadmin Ce | 2024-11-21 | 10.0 HIGH | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO. | |||||
| CVE-2015-2844 | 1 Goautodial | 1 Goadmin Ce | 2024-11-21 | 10.0 HIGH | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | |||||
| CVE-2015-2280 | 1 Airlink101 | 2 Skyipcam1620w Wireless N Mpeg4 3gpp, Skyipcam1620w Wireless N Mpeg4 3gpp Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter. | |||||
| CVE-2015-2279 | 1 Airlive | 6 Bu-2015, Bu-2015 Firmware, Bu-3026 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter. | |||||
| CVE-2015-2201 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | N/A | 7.2 HIGH |
| Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | |||||
| CVE-2015-1388 | 1 Arubanetworks | 1 Arubaos | 2024-11-21 | 7.2 HIGH | N/A |
| The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2015-0977 | 1 Network Vision | 1 Intravue | 2024-11-21 | 10.0 HIGH | N/A |
| Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2024-11-21 | 9.3 HIGH | N/A |
| A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | |||||
| CVE-2015-0525 | 1 Emc | 1 Secure Remote Services | 2024-11-21 | 7.5 HIGH | N/A |
| The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2024-11-21 | 10.0 HIGH | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | |||||
| CVE-2014-9284 | 1 Buffalotech | 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more | 2024-11-21 | 7.7 HIGH | N/A |
| The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2014-8945 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | |||||
| CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | |||||
| CVE-2014-8389 | 1 Airlive | 10 Bu-2015, Bu-2015 Firmware, Bu-3026 and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. | |||||
| CVE-2014-8387 | 1 Advantech | 2 Eki-6340, Eki-6340 Firmware | 2024-11-21 | 9.0 HIGH | N/A |
| cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | |||||