Total
3809 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2578 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. | |||||
CVE-2009-4644 | 1 Accellion | 1 Secure File Transfer Appliance | 2024-02-28 | 9.0 HIGH | N/A |
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. | |||||
CVE-2011-0381 | 1 Cisco | 1 Telepresence Manager | 2024-02-28 | 10.0 HIGH | N/A |
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. | |||||
CVE-2010-4278 | 1 Artica | 1 Pandora Fms | 2024-02-28 | 9.0 HIGH | N/A |
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | |||||
CVE-2011-0271 | 1 Hp | 1 Openview Network Node Manager | 2024-02-28 | 10.0 HIGH | N/A |
The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | |||||
CVE-2011-0456 | 1 Otrs | 1 Otrs | 2024-02-28 | 7.5 HIGH | N/A |
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
CVE-2011-1904 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2024-02-28 | 7.5 HIGH | N/A |
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. | |||||
CVE-2011-0373 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2024-02-28 | 9.0 HIGH | N/A |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. | |||||
CVE-2011-0375 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2024-02-28 | 9.0 HIGH | N/A |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. | |||||
CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2024-02-28 | 6.8 MEDIUM | N/A |
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2010-3752 | 1 Xelerance | 1 Openswan | 2024-02-28 | 6.5 MEDIUM | N/A |
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. | |||||
CVE-2011-4002 | 1 Mawashimono | 1 Nikki | 2024-02-28 | 7.5 HIGH | N/A |
HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
CVE-2011-1513 | 1 E107 | 1 E107 | 2024-02-28 | 7.5 HIGH | N/A |
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name. | |||||
CVE-2010-0418 | 1 Chumby | 2 Chumby Classic, Chumby One | 2024-02-28 | 10.0 HIGH | N/A |
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | |||||
CVE-2010-1423 | 1 Oracle | 2 Jdk, Jre | 2024-02-28 | 9.3 HIGH | N/A |
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-0374 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2024-02-28 | 9.0 HIGH | N/A |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. | |||||
CVE-2012-1795 | 1 Webglimpse | 1 Webglimpse | 2024-02-28 | 7.5 HIGH | N/A |
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. | |||||
CVE-2011-0372 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2024-02-28 | 10.0 HIGH | N/A |
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. | |||||
CVE-2010-1132 | 1 Georg Greve | 1 Spamassassin Milter Plugin | 2024-02-28 | 9.3 HIGH | N/A |
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. | |||||
CVE-2010-1885 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2024-02-28 | 9.3 HIGH | N/A |
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." |