Search
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51698 | 2024-01-12 | N/A | N/A | ||
| Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. | |||||
| CVE-2023-4542 | 2023-08-26 | N/A | N/A | ||
| A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3974 | 2023-07-27 | N/A | N/A | ||
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. | |||||
| CVE-2023-3975 | 2023-07-27 | N/A | N/A | ||
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. | |||||
| CVE-2022-22684 | 2022-07-29 | N/A | N/A | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2022-2550 | 2022-07-27 | N/A | N/A | ||
| OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | |||||
| CVE-2010-1423 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-6278 | 1 Gnu | 1 Bash | 2021-11-17 | 10.0 HIGH | N/A |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | |||||
| CVE-2014-7169 | 1 Gnu | 1 Bash | 2021-11-17 | 10.0 HIGH | N/A |
| GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | |||||
| CVE-2008-4796 | 4 Debian, Nagios, Snoopy Project and 1 more | 4 Debian Linux, Nagios, Snoopy and 1 more | 2021-09-30 | 10.0 HIGH | N/A |
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | |||||
| CVE-2009-1792 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2021-09-22 | 9.3 HIGH | N/A |
| The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). | |||||
| CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2021-07-23 | 6.8 MEDIUM | N/A |
| Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||
| CVE-2010-2445 | 1 Freeciv | 1 Freeciv | 2021-06-30 | 10.0 HIGH | N/A |
| freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions. | |||||
| CVE-2008-5516 | 3 Git, Git-scm, Rpath | 3 Git, Git, Linux | 2021-01-26 | 7.5 HIGH | N/A |
| The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. | |||||
| CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | |||||
| CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | |||||
| CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. | |||||
| CVE-2012-6598 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. | |||||
| CVE-2012-6593 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088. | |||||
| CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | |||||
| CVE-2012-6594 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11, 4.0.x before 4.0.8, and 4.1.x before 4.1.1 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34299. | |||||
| CVE-2012-6595 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. | |||||
| CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
| CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | |||||
| CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
| Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. | |||||
| CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | |||||
| CVE-2010-3753 | 1 Xelerance | 1 Openswan | 2019-07-29 | 6.5 MEDIUM | N/A |
| programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308. | |||||
| CVE-2010-3752 | 1 Xelerance | 1 Openswan | 2019-07-29 | 6.5 MEDIUM | N/A |
| programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. | |||||
| CVE-2014-4326 | 1 Elastic | 1 Logstash | 2019-06-17 | 7.5 HIGH | N/A |
| Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. | |||||
| CVE-2010-1885 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2019-02-26 | 9.3 HIGH | N/A |
| The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." | |||||
| CVE-2015-0525 | 1 Emc | 1 Secure Remote Services | 2019-02-01 | 7.5 HIGH | N/A |
| The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2012-3074 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2018-10-30 | 8.3 HIGH | N/A |
| An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. | |||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2018-10-19 | 7.5 HIGH | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | |||||
| CVE-2007-4560 | 1 Clam Anti-virus | 1 Clamav | 2018-10-15 | 7.6 HIGH | N/A |
| clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." | |||||
| CVE-2008-6554 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | |||||
| CVE-2010-4278 | 1 Artica | 1 Pandora Fms | 2018-10-10 | 9.0 HIGH | N/A |
| operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | |||||
| CVE-2010-3757 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2018-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059. | |||||
| CVE-2010-3754 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2018-10-10 | 10.0 HIGH | N/A |
| The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. NOTE: this might overlap CVE-2010-3059. | |||||
| CVE-2010-3039 | 1 Cisco | 1 Unified Communications Manager | 2018-10-10 | 6.8 MEDIUM | N/A |
| /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. | |||||
| CVE-2009-2011 | 2 Dxstudio, Mozilla | 2 Dx Studio Player, Firefox | 2018-10-10 | 9.3 HIGH | N/A |
| Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method. | |||||
| CVE-2015-2844 | 1 Goautodial | 1 Goadmin Ce | 2018-10-09 | 10.0 HIGH | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | |||||
| CVE-2015-2845 | 1 Goautodial | 1 Goadmin Ce | 2018-10-09 | 10.0 HIGH | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO. | |||||
| CVE-2014-8387 | 1 Advantech | 2 Eki-6340, Eki-6340 Firmware | 2018-10-09 | 9.0 HIGH | N/A |
| cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | |||||
| CVE-2014-8334 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2018-10-09 | 6.5 MEDIUM | N/A |
| The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. | |||||
| CVE-2014-2507 | 1 Emc | 1 Documentum Content Server | 2018-10-09 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods. | |||||
| CVE-2014-3418 | 1 Infoblox | 1 Netmri | 2018-10-09 | 10.0 HIGH | N/A |
| config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. | |||||
| CVE-2013-6041 | 1 Softaculous | 1 Webuzo | 2018-08-13 | 7.5 HIGH | N/A |
| index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. | |||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2018-08-13 | 10.0 HIGH | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | |||||
| CVE-2014-6277 | 1 Gnu | 1 Bash | 2018-08-09 | 10.0 HIGH | N/A |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. | |||||
| CVE-2012-1795 | 1 Webglimpse | 1 Webglimpse | 2018-01-12 | 7.5 HIGH | N/A |
| webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. | |||||