Vulnerabilities (CVE)

Filtered by CWE-78
Total 3809 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2565 1 Bluecoat 2 Content Analysis System, Content Analysis System Software 2024-02-28 6.5 MEDIUM N/A
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."
CVE-2014-3121 1 Marc Lehmann 1 Rxvt-unicode 2024-02-28 7.6 HIGH N/A
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
CVE-2014-6277 1 Gnu 1 Bash 2024-02-28 10.0 HIGH N/A
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
CVE-2014-3008 1 Unitrends 1 Enterprise Backup 2024-02-28 10.0 HIGH N/A
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
CVE-2014-0887 1 Ibm 1 Lotus Protector For Mail Security 2024-02-28 7.1 HIGH N/A
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
CVE-2014-3418 1 Infoblox 1 Netmri 2024-02-28 10.0 HIGH N/A
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
CVE-2013-6719 1 Ibm 1 Tealeaf Cx 2024-02-28 6.0 MEDIUM N/A
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
CVE-2013-2090 1 Uplawski 1 Creme Fraiche 2024-02-28 9.3 HIGH N/A
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
CVE-2014-0886 1 Ibm 1 Lotus Protector For Mail Security 2024-02-28 7.1 HIGH N/A
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.
CVE-2015-0691 1 Cisco 1 Secure Desktop 2024-02-28 9.3 HIGH N/A
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
CVE-2013-2642 1 Sophos 2 Web Appliance, Web Appliance Firmware 2024-02-28 9.3 HIGH N/A
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.
CVE-2015-0977 1 Network Vision 1 Intravue 2024-02-28 10.0 HIGH N/A
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2012-6595 1 Paloaltonetworks 1 Pan-os 2024-02-28 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595.
CVE-2012-6599 1 Paloaltonetworks 1 Pan-os 2024-02-28 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476.
CVE-2013-4457 1 Thoughtbot 1 Cocaine 2024-02-28 6.8 MEDIUM N/A
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.
CVE-2012-3076 1 Cisco 1 Telepresence Recording Server 2024-02-28 9.0 HIGH N/A
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804.
CVE-2013-3576 1 Hp 1 System Management Homepage 2024-02-28 9.0 HIGH N/A
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
CVE-2012-6600 1 Paloaltonetworks 1 Pan-os 2024-02-28 9.0 HIGH N/A
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502.
CVE-2013-1947 2 Kelly D. Redding, Ruby-lang 2 Kelredd-pruview, Ruby 2024-02-28 9.3 HIGH N/A
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb.
CVE-2012-4108 1 Cisco 1 Unified Computing System 2024-02-28 6.8 MEDIUM N/A
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554.