Vulnerabilities (CVE)

Filtered by CWE-78
Total 3793 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5672 1 Typemoon 4 Fate\/hollow Ataraxia, Fate\/stay Night, Fate\/stay Night \+ Hollow Ataraxia Set and 1 more 2024-02-28 10.0 HIGH N/A
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
CVE-2015-4237 1 Cisco 38 Mds 9100, Mds 9140, Mds 9500 and 35 more 2024-02-28 4.6 MEDIUM N/A
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
CVE-2016-6147 1 Sap 1 Trex 2024-02-28 10.0 HIGH 9.8 CRITICAL
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
CVE-2016-5679 2 Netgear, Nuuo 2 Readynas Surveillance, Nvrmini 2 2024-02-28 9.0 HIGH 8.8 HIGH
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
CVE-2016-1320 1 Cisco 1 Prime Collaboration 2024-02-28 6.8 MEDIUM 6.7 MEDIUM
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
CVE-2016-4965 1 Fortinet 1 Fortiwan 2024-02-28 9.0 HIGH 8.8 HIGH
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
CVE-2014-9284 1 Buffalotech 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more 2024-02-28 7.7 HIGH N/A
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2015-2844 1 Goautodial 1 Goadmin Ce 2024-02-28 10.0 HIGH N/A
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
CVE-2015-7901 1 Infinite Automation Systems 1 Mango Automation 2024-02-28 6.5 MEDIUM N/A
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2016-1000216 1 Ruckus 1 Wireless H500 2024-02-28 9.0 HIGH 8.8 HIGH
Ruckus Wireless H500 web management interface authenticated command injection
CVE-2016-1352 1 Cisco 1 Unified Computing System Central Software 2024-02-28 7.5 HIGH 9.8 CRITICAL
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
CVE-2016-1468 1 Cisco 1 Telepresence Video Communication Server 2024-02-28 6.5 MEDIUM 8.8 HIGH
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.
CVE-2015-2845 1 Goautodial 1 Goadmin Ce 2024-02-28 10.0 HIGH N/A
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
CVE-2015-8024 1 Mcafee 1 Mcafee Enterprise Security Manager 2024-02-28 9.3 HIGH N/A
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
CVE-2015-6435 1 Cisco 2 Firepower Extensible Operating System, Unified Computing System 2024-02-28 10.0 HIGH 9.8 CRITICAL
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
CVE-2016-4853 1 Akabei Soft2 1 Happy Wardrobe 2024-02-28 6.8 MEDIUM 7.8 HIGH
AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.
CVE-2016-1142 1 Seeds 1 Acmailer 2024-02-28 9.0 HIGH 9.1 CRITICAL
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2016-6414 1 Cisco 1 Ios 2024-02-28 7.2 HIGH 7.8 HIGH
iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.
CVE-2016-1141 1 Kddi 2 Home Spot Cube, Home Spot Cube Firmware 2024-02-28 6.5 MEDIUM 4.7 MEDIUM
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2015-4186 1 Cisco 1 Virtualization Experience Client 6000 Series Firmware 2024-02-28 7.2 HIGH N/A
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.