Vulnerabilities (CVE)

Filtered by CWE-78
Total 3793 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7774 2 Pc-egg, Php 2 Pwebmanager, Php 2024-02-28 6.5 MEDIUM N/A
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role.
CVE-2015-4183 1 Cisco 1 Unified Computing System 2024-02-28 7.2 HIGH N/A
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
CVE-2016-3655 1 Paloaltonetworks 1 Pan-os 2024-02-28 10.0 HIGH 9.8 CRITICAL
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
CVE-2015-4279 1 Cisco 1 Unified Computing System 2024-02-28 7.2 HIGH N/A
The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.
CVE-2015-2955 1 Igreks 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem 2024-02-28 7.5 HIGH N/A
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-2980 1 Yodobashi 1 Yodobashi 2024-02-28 6.8 MEDIUM N/A
The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document.
CVE-2015-6380 1 Cisco 1 Firepower Extensible Operating System 2024-02-28 6.5 MEDIUM N/A
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.
CVE-2015-4330 1 Cisco 1 Telepresence Video Communication Server Software 2024-02-28 6.9 MEDIUM N/A
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
CVE-2015-7253 1 Commvault 1 Edge Server 2024-02-28 10.0 HIGH N/A
The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.
CVE-2015-5018 1 Ibm 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware 2024-02-28 8.5 HIGH 8.0 HIGH
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.
CVE-2016-1297 1 Cisco 1 Application Control Engine Software 2024-02-28 9.0 HIGH 8.8 HIGH
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
CVE-2015-7698 1 Owncloud 2 Owncloud, Smb 2024-02-28 9.0 HIGH N/A
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
CVE-2015-8557 2 Canonical, Pygments 2 Ubuntu Linux, Pygments 2024-02-28 9.3 HIGH 9.0 CRITICAL
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
CVE-2015-6370 1 Cisco 1 Firepower Extensible Operating System 2024-02-28 7.2 HIGH N/A
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.
CVE-2015-4956 1 Ibm 1 Qradar Security Information And Event Manager 2024-02-28 6.5 MEDIUM 7.4 HIGH
The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.
CVE-2015-7769 1 Basercms 1 Basercms 2024-02-28 6.5 MEDIUM 6.3 MEDIUM
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2015-5673 1 Isucon 1 Isucon 5 Qualifier Eventapp 2024-02-28 6.5 MEDIUM N/A
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
CVE-2016-1339 1 Cisco 1 Unified Computing System Platform Emulator 2024-02-28 7.2 HIGH 7.8 HIGH
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.
CVE-2015-4244 1 Cisco 1 Asr 5000 Series Software 2024-02-28 7.2 HIGH N/A
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.
CVE-2015-7310 1 Mcafee 3 Enterprise Security Manager, Enterprise Security Manager\/log Manager, Enterprise Security Manager\/receiver 2024-02-28 6.5 MEDIUM N/A
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.