Vulnerabilities (CVE)

Filtered by CWE-78
Total 3809 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2578 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2024-02-28 10.0 HIGH N/A
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.
CVE-2009-4644 1 Accellion 1 Secure File Transfer Appliance 2024-02-28 9.0 HIGH N/A
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
CVE-2011-0381 1 Cisco 1 Telepresence Manager 2024-02-28 10.0 HIGH N/A
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.
CVE-2010-4278 1 Artica 1 Pandora Fms 2024-02-28 9.0 HIGH N/A
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.
CVE-2011-0271 1 Hp 1 Openview Network Node Manager 2024-02-28 10.0 HIGH N/A
The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."
CVE-2011-0456 1 Otrs 1 Otrs 2024-02-28 7.5 HIGH N/A
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
CVE-2011-1904 1 Proofpoint 2 Messaging Security Gateway, Protection Server 2024-02-28 7.5 HIGH N/A
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue.
CVE-2011-0373 1 Cisco 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more 2024-02-28 9.0 HIGH N/A
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
CVE-2011-0375 1 Cisco 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more 2024-02-28 9.0 HIGH N/A
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
CVE-2009-4498 1 Zabbix 1 Zabbix 2024-02-28 6.8 MEDIUM N/A
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
CVE-2010-3752 1 Xelerance 1 Openswan 2024-02-28 6.5 MEDIUM N/A
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
CVE-2011-4002 1 Mawashimono 1 Nikki 2024-02-28 7.5 HIGH N/A
HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
CVE-2011-1513 1 E107 1 E107 2024-02-28 7.5 HIGH N/A
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
CVE-2010-0418 1 Chumby 2 Chumby Classic, Chumby One 2024-02-28 10.0 HIGH N/A
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
CVE-2010-1423 1 Oracle 2 Jdk, Jre 2024-02-28 9.3 HIGH N/A
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.
CVE-2011-0374 1 Cisco 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more 2024-02-28 9.0 HIGH N/A
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.
CVE-2012-1795 1 Webglimpse 1 Webglimpse 2024-02-28 7.5 HIGH N/A
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
CVE-2011-0372 1 Cisco 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more 2024-02-28 10.0 HIGH N/A
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
CVE-2010-1132 1 Georg Greve 1 Spamassassin Milter Plugin 2024-02-28 9.3 HIGH N/A
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
CVE-2010-1885 1 Microsoft 3 Windows 2003 Server, Windows Server 2003, Windows Xp 2024-02-28 9.3 HIGH N/A
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."