Total
3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3883 | 1 Webmin | 1 Usermin | 2024-02-28 | 6.8 MEDIUM | N/A |
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |||||
CVE-2014-2707 | 1 Linuxfoundation | 1 Cups-filters | 2024-02-28 | 8.3 HIGH | N/A |
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." | |||||
CVE-2014-2850 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2024-02-28 | 8.5 HIGH | N/A |
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | |||||
CVE-2014-8334 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-02-28 | 6.5 MEDIUM | N/A |
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. | |||||
CVE-2012-1166 | 1 Canonical | 2 Ltsp Display Manager, Ubuntu Linux | 2024-02-28 | 10.0 HIGH | N/A |
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | |||||
CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | |||||
CVE-2014-7253 | 1 Fujitsu | 4 Arrows Kiss F-03d, Arrows Tab Lte F-01d, F-12c and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2014-2967 | 1 Autodesk | 1 Vred | 2024-02-28 | 10.0 HIGH | N/A |
Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. | |||||
CVE-2013-7259 | 1 Neo4j | 1 Neo4j | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/. | |||||
CVE-2014-6278 | 1 Gnu | 1 Bash | 2024-02-28 | 10.0 HIGH | N/A |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | |||||
CVE-2014-2959 | 2 Dell, Quantum | 4 Powervault Ml6000, Powervault Ml6000 Firmware, Scalar I500 and 1 more | 2024-02-28 | 9.0 HIGH | N/A |
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. | |||||
CVE-2014-4326 | 1 Elastic | 1 Logstash | 2024-02-28 | 7.5 HIGH | N/A |
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. | |||||
CVE-2015-1388 | 1 Arubanetworks | 1 Arubaos | 2024-02-28 | 7.2 HIGH | N/A |
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2014-3007 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2024-02-28 | 10.0 HIGH | N/A |
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. | |||||
CVE-2014-3360 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586. | |||||
CVE-2014-4823 | 1 Ibm | 5 Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance, Security Access Manager For Web 7.0 Firmware and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | |||||
CVE-2014-2565 | 1 Bluecoat | 2 Content Analysis System, Content Analysis System Software | 2024-02-28 | 6.5 MEDIUM | N/A |
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." | |||||
CVE-2014-3121 | 1 Marc Lehmann | 1 Rxvt-unicode | 2024-02-28 | 7.6 HIGH | N/A |
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | |||||
CVE-2014-6277 | 1 Gnu | 1 Bash | 2024-02-28 | 10.0 HIGH | N/A |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. | |||||
CVE-2014-3008 | 1 Unitrends | 1 Enterprise Backup | 2024-02-28 | 10.0 HIGH | N/A |
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. |