Search
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2850 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-04-14 | 8.5 HIGH | N/A |
| The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter. | |||||
| CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2014-03-31 | 10.0 HIGH | N/A |
| The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | |||||
| CVE-2013-2642 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2014-03-19 | 9.3 HIGH | N/A |
| Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | |||||
| CVE-2013-6881 | 1 Cru-inc | 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware | 2014-02-25 | 10.0 HIGH | N/A |
| CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task. | |||||
| CVE-2013-3365 | 1 Trendnet | 1 Tew-812dru | 2014-02-05 | 8.5 HIGH | N/A |
| TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098. | |||||
| CVE-2013-5667 | 1 Thecus | 2 N8800 Nas Server, N8800 Nas Server Firmware | 2014-01-24 | 10.0 HIGH | N/A |
| The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. | |||||
| CVE-2013-1616 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2014-01-17 | 8.3 HIGH | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | |||||
| CVE-2013-3576 | 1 Hp | 1 System Management Homepage | 2014-01-08 | 9.0 HIGH | N/A |
| ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||||
| CVE-2013-5946 | 1 D-link | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2013-12-19 | 10.0 HIGH | N/A |
| The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | |||||
| CVE-2013-4457 | 1 Thoughtbot | 1 Cocaine | 2013-11-05 | 6.8 MEDIUM | N/A |
| The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. | |||||
| CVE-2013-5703 | 1 Draytek | 2 Vigor 2700 Router, Vigor 2700 Router Firmware | 2013-10-23 | 6.8 MEDIUM | N/A |
| The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | |||||
| CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2013-10-15 | 6.8 MEDIUM | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | |||||
| CVE-2013-2578 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2013-10-15 | 10.0 HIGH | N/A |
| cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. | |||||
| CVE-2013-4983 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2013-10-09 | 10.0 HIGH | N/A |
| The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php. | |||||
| CVE-2013-4781 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2013-08-22 | 10.0 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2013-3578 | 1 Wave | 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk | 2013-07-16 | 9.0 HIGH | N/A |
| SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands. | |||||
| CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2013-05-01 | 9.3 HIGH | N/A |
| kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | |||||
| CVE-2012-4177 | 1 Ubi | 1 Uplay Pc | 2013-04-02 | 10.0 HIGH | N/A |
| The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument. | |||||
| CVE-2012-3001 | 1 Mutiny | 1 Standard | 2013-03-02 | 8.5 HIGH | N/A |
| Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." | |||||
| CVE-2013-0804 | 1 Novell | 1 Groupwise | 2013-02-25 | 10.0 HIGH | N/A |
| The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. | |||||
| CVE-2011-4502 | 4 Canyon-tech, Edimax, Sitecom and 1 more | 12 Cn-wf512, Cn-wf512 Router Firmware, Cn-wf514 and 9 more | 2013-01-24 | 10.0 HIGH | N/A |
| The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2012-4011 | 1 Cybozu | 1 Kunai | 2012-09-17 | 9.3 HIGH | N/A |
| The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | |||||
| CVE-2012-2986 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2012-08-21 | 7.7 HIGH | N/A |
| lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. | |||||
| CVE-2012-4361 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2012-08-21 | 7.7 HIGH | N/A |
| lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. | |||||
| CVE-2012-2516 | 1 Ge | 5 Intelligent Platforms Proficy Batch Execution, Intelligent Platforms Proficy Historian, Intelligent Platforms Proficy Hmi\/scada Ifix and 2 more | 2012-07-17 | 9.3 HIGH | N/A |
| An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." | |||||
| CVE-2012-2607 | 1 Johnsoncontrols | 2 Network Controller, Network Controller Firmware | 2012-07-17 | 7.5 HIGH | N/A |
| The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | |||||
| CVE-2012-3076 | 1 Cisco | 1 Telepresence Recording Server | 2012-07-12 | 9.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. | |||||
| CVE-2012-3075 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2012-07-12 | 9.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. | |||||
| CVE-2011-4002 | 1 Mawashimono | 1 Nikki | 2011-12-14 | 7.5 HIGH | N/A |
| HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
| CVE-2011-0456 | 1 Otrs | 1 Otrs | 2011-08-26 | 7.5 HIGH | N/A |
| webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
| CVE-2011-1904 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2011-05-31 | 7.5 HIGH | N/A |
| An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. | |||||
| CVE-2011-0382 | 1 Cisco | 2 Telepresence Recording Server, Telepresence Recording Server Software | 2011-04-09 | 10.0 HIGH | N/A |
| The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221. | |||||
| CVE-2011-0372 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 10.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640. | |||||
| CVE-2011-0373 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 9.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685. | |||||
| CVE-2011-0374 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 9.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659. | |||||
| CVE-2011-0378 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 8.3 HIGH | N/A |
| The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. | |||||
| CVE-2011-0375 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2011-03-31 | 9.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. | |||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2010-05-25 | 6.8 MEDIUM | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2009-2288 | 1 Nagios | 1 Nagios | 2010-04-03 | 7.5 HIGH | N/A |
| statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | |||||
| CVE-2010-0418 | 1 Chumby | 2 Chumby Classic, Chumby One | 2010-03-31 | 10.0 HIGH | N/A |
| The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | |||||
| CVE-2010-0934 | 1 Perforce | 1 Perforce Server | 2010-03-08 | 7.1 HIGH | N/A |
| The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. | |||||
| CVE-2009-3233 | 1 Cameron Morland | 1 Changetrack | 2009-09-17 | 7.2 HIGH | N/A |
| changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack. | |||||
| CVE-2008-2475 | 1 Ebay | 1 Enhanced Picture Uploader Activex Control | 2009-07-09 | 9.3 HIGH | N/A |
| eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property. | |||||
| CVE-2008-5718 | 1 Netatalk | 1 Netatalk | 2009-04-02 | 9.3 HIGH | N/A |
| The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title. | |||||