Total
3660 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-7125 | 1 Ariadne-cms | 1 Ariadne Cms | 2024-02-28 | 9.0 HIGH | N/A |
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2575 | 2 Fedoraproject, Jcoppens | 2 Fedora, Cbrpager | 2024-02-28 | 6.8 MEDIUM | N/A |
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. | |||||
CVE-2009-1916 | 1 Gscripts | 1 Dns Tools | 2024-02-28 | 10.0 HIGH | N/A |
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter. | |||||
CVE-2007-5322 | 1 Microsoft | 1 Visual Foxpro | 2024-02-28 | 7.5 HIGH | N/A |
Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function. | |||||
CVE-2007-4560 | 1 Clam Anti-virus | 1 Clamav | 2024-02-28 | 7.6 HIGH | N/A |
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." | |||||
CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2024-02-28 | 7.5 HIGH | N/A |
The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | |||||
CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||
CVE-2008-1115 | 1 Sun | 1 Solaris | 2024-02-28 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. | |||||
CVE-2007-4891 | 1 Microsoft | 1 Visual Studio | 2024-02-28 | 6.8 MEDIUM | N/A |
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell. | |||||
CVE-2007-5653 | 1 Php | 1 Php | 2024-02-28 | 9.3 HIGH | N/A |
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function. | |||||
CVE-2007-4673 | 1 Apple | 1 Quicktime | 2024-02-28 | 9.3 HIGH | N/A |
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. | |||||
CVE-2004-2732 | 1 Netbilling | 1 Netbilling | 2024-02-28 | 4.3 MEDIUM | N/A |
nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key. | |||||
CVE-2006-0325 | 1 Etomite | 1 Etomite | 2024-02-28 | 7.5 HIGH | N/A |
Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | |||||
CVE-2005-2368 | 1 Vim Development Group | 1 Vim | 2024-02-28 | 9.3 HIGH | N/A |
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. | |||||
CVE-2003-0041 | 3 Mandrakesoft, Mit, Redhat | 4 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | |||||
CVE-2002-1898 | 1 Apple | 2 Mac Os X, Terminal | 2024-02-28 | 7.2 HIGH | N/A |
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. | |||||
CVE-2002-0061 | 1 Apache | 1 Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | |||||
CVE-2002-1660 | 1 Jelsoft | 1 Vbulletin | 2024-02-28 | 7.5 HIGH | N/A |
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. | |||||
CVE-2001-1583 | 1 Sun | 1 Sunos | 2024-02-28 | 10.0 HIGH | N/A |
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. | |||||
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-02-28 | 10.0 HIGH | N/A |
phf CGI program allows remote command execution through shell metacharacters. |