Total
3809 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2565 | 1 Bluecoat | 2 Content Analysis System, Content Analysis System Software | 2024-02-28 | 6.5 MEDIUM | N/A |
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." | |||||
CVE-2014-3121 | 1 Marc Lehmann | 1 Rxvt-unicode | 2024-02-28 | 7.6 HIGH | N/A |
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | |||||
CVE-2014-6277 | 1 Gnu | 1 Bash | 2024-02-28 | 10.0 HIGH | N/A |
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. | |||||
CVE-2014-3008 | 1 Unitrends | 1 Enterprise Backup | 2024-02-28 | 10.0 HIGH | N/A |
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. | |||||
CVE-2014-0887 | 1 Ibm | 1 Lotus Protector For Mail Security | 2024-02-28 | 7.1 HIGH | N/A |
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
CVE-2014-3418 | 1 Infoblox | 1 Netmri | 2024-02-28 | 10.0 HIGH | N/A |
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. | |||||
CVE-2013-6719 | 1 Ibm | 1 Tealeaf Cx | 2024-02-28 | 6.0 MEDIUM | N/A |
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter. | |||||
CVE-2013-2090 | 1 Uplawski | 1 Creme Fraiche | 2024-02-28 | 9.3 HIGH | N/A |
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information. | |||||
CVE-2014-0886 | 1 Ibm | 1 Lotus Protector For Mail Security | 2024-02-28 | 7.1 HIGH | N/A |
The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors. | |||||
CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2024-02-28 | 9.3 HIGH | N/A |
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | |||||
CVE-2013-2642 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2024-02-28 | 9.3 HIGH | N/A |
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | |||||
CVE-2015-0977 | 1 Network Vision | 1 Intravue | 2024-02-28 | 10.0 HIGH | N/A |
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2012-6595 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. | |||||
CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
CVE-2013-4457 | 1 Thoughtbot | 1 Cocaine | 2024-02-28 | 6.8 MEDIUM | N/A |
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. | |||||
CVE-2012-3076 | 1 Cisco | 1 Telepresence Recording Server | 2024-02-28 | 9.0 HIGH | N/A |
The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. | |||||
CVE-2013-3576 | 1 Hp | 1 System Management Homepage | 2024-02-28 | 9.0 HIGH | N/A |
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||||
CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | |||||
CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2024-02-28 | 9.3 HIGH | N/A |
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | |||||
CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.8 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. |