Total
3665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0887 | 1 Ibm | 1 Lotus Protector For Mail Security | 2024-02-28 | 7.1 HIGH | N/A |
| The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
| CVE-2014-3418 | 1 Infoblox | 1 Netmri | 2024-02-28 | 10.0 HIGH | N/A |
| config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. | |||||
| CVE-2013-6719 | 1 Ibm | 1 Tealeaf Cx | 2024-02-28 | 6.0 MEDIUM | N/A |
| delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter. | |||||
| CVE-2013-2090 | 1 Uplawski | 1 Creme Fraiche | 2024-02-28 | 9.3 HIGH | N/A |
| The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-0886 | 1 Ibm | 1 Lotus Protector For Mail Security | 2024-02-28 | 7.1 HIGH | N/A |
| The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors. | |||||
| CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2024-02-28 | 9.3 HIGH | N/A |
| A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | |||||
| CVE-2013-2642 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2024-02-28 | 9.3 HIGH | N/A |
| Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | |||||
| CVE-2015-0977 | 1 Network Vision | 1 Intravue | 2024-02-28 | 10.0 HIGH | N/A |
| Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2012-6595 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. | |||||
| CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
| CVE-2013-4457 | 1 Thoughtbot | 1 Cocaine | 2024-02-28 | 6.8 MEDIUM | N/A |
| The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. | |||||
| CVE-2012-3076 | 1 Cisco | 1 Telepresence Recording Server | 2024-02-28 | 9.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. | |||||
| CVE-2013-3576 | 1 Hp | 1 System Management Homepage | 2024-02-28 | 9.0 HIGH | N/A |
| ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||||
| CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | |||||
| CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2024-02-28 | 9.3 HIGH | N/A |
| kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | |||||
| CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | |||||
| CVE-2013-5486 | 1 Cisco | 1 Prime Data Center Network Manager | 2024-02-28 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality. | |||||
| CVE-2012-2976 | 1 Symantec | 1 Web Gateway | 2024-02-28 | 10.0 HIGH | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. | |||||
| CVE-2013-0928 | 1 Emc | 1 Alphastor | 2024-02-28 | 9.3 HIGH | N/A |
| The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | |||||
| CVE-2012-1988 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 6.0 MEDIUM | N/A |
| Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. | |||||