Total: 3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7690 | 1 Proxifier | 1 Proxifier | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. | |||||
CVE-2017-6597 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). | |||||
CVE-2017-2152 | 1 Buffalo Inc | 2 Wnc01wh, Wnc01wh Firmware | 2024-02-28 | 5.2 MEDIUM | 6.8 MEDIUM |
WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-6398 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it. | |||||
CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2024-02-28 | 9.0 HIGH | N/A |
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | |||||
CVE-2016-1482 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. | |||||
CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2024-02-28 | 7.5 HIGH | N/A |
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2015-6008 | 1 Refbase | 1 Refbase | 2024-02-28 | 7.5 HIGH | N/A |
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. | |||||
CVE-2015-5690 | 1 Symantec | 1 Web Gateway | 2024-02-28 | 8.5 HIGH | N/A |
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." | |||||
CVE-2015-7426 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2024-02-28 | 10.0 HIGH | 10.0 CRITICAL |
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
CVE-2015-4224 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-02-28 | 7.2 HIGH | N/A |
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. | |||||
CVE-2015-7774 | 2 Pc-egg, Php | 2 Pwebmanager, Php | 2024-02-28 | 6.5 MEDIUM | N/A |
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |||||
CVE-2015-4183 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 7.2 HIGH | N/A |
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | |||||
CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | |||||
CVE-2015-4279 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 7.2 HIGH | N/A |
The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. | |||||
CVE-2015-2955 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2024-02-28 | 7.5 HIGH | N/A |
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2015-2980 | 1 Yodobashi | 1 Yodobashi | 2024-02-28 | 6.8 MEDIUM | N/A |
The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document. | |||||
CVE-2015-6380 | 1 Cisco | 1 Firepower Extensible Operating System | 2024-02-28 | 6.5 MEDIUM | N/A |
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | |||||
CVE-2015-4330 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-02-28 | 6.9 MEDIUM | N/A |
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556. |