Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4183 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | 7.2 HIGH | N/A |
|
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
|
|||||
| CVE-2014-3358 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.
|
|||||
| CVE-2015-2845 | 1 Goautodial | 1 Goadmin Ce | 2025-04-12 | 10.0 HIGH | N/A |
|
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
|
|||||
| CVE-2015-5672 | 1 Typemoon | 4 Fate\/hollow Ataraxia, Fate\/stay Night, Fate\/stay Night \+ Hollow Ataraxia Set and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
|
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
|
|||||
| CVE-2014-3008 | 1 Unitrends | 1 Enterprise Backup | 2025-04-12 | 10.0 HIGH | N/A |
|
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
|
|||||
| CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2025-04-12 | 9.3 HIGH | N/A |
|
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
|
|||||
| CVE-2014-6434 | 1 Gopro | 2 Gopro Hero, Gopro Hero Firmware | 2025-04-12 | 10.0 HIGH | N/A |
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.
|
|||||
| CVE-2016-1142 | 1 Seeds | 1 Acmailer | 2025-04-12 | 9.0 HIGH | 9.1 CRITICAL |
|
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2014-7269 | 1 Asus | 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more | 2025-04-12 | 6.5 MEDIUM | N/A |
|
ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2015-4956 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 6.5 MEDIUM | 7.4 HIGH |
|
The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.
|
|||||
| CVE-2014-0356 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2025-04-12 | 7.9 HIGH | N/A |
|
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.
|
|||||
| CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
|
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.
|
|||||
| CVE-2016-1320 | 1 Cisco | 1 Prime Collaboration | 2025-04-12 | 6.8 MEDIUM | 6.7 MEDIUM |
|
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
|
|||||
| CVE-2014-7253 | 1 Fujitsu | 4 Arrows Kiss F-03d, Arrows Tab Lte F-01d, F-12c and 1 more | 2025-04-12 | 7.2 HIGH | N/A |
|
FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
|
|||||
| CVE-2016-1339 | 1 Cisco | 1 Unified Computing System Platform Emulator | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.
|
|||||
| CVE-2014-2959 | 2 Dell, Quantum | 4 Powervault Ml6000, Powervault Ml6000 Firmware, Scalar I500 and 1 more | 2025-04-12 | 9.0 HIGH | N/A |
|
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.
|
|||||
| CVE-2014-8334 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2025-04-12 | 6.5 MEDIUM | N/A |
|
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable.
|
|||||
| CVE-2013-7259 | 1 Neo4j | 1 Neo4j | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.
|
|||||
| CVE-2014-2967 | 1 Autodesk | 1 Vred | 2025-04-12 | 10.0 HIGH | N/A |
|
Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.
|
|||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2025-04-12 | 10.0 HIGH | N/A |
|
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
|
|||||
| CVE-2016-6147 | 1 Sap | 1 Trex | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
|
|||||
| CVE-2015-0525 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | 7.5 HIGH | N/A |
|
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2014-3357 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.
|
|||||
| CVE-2016-4853 | 1 Akabei Soft2 | 1 Happy Wardrobe | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.
|
|||||
| CVE-2015-4224 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 7.2 HIGH | N/A |
|
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.
|
|||||
| CVE-2016-1141 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2025-04-12 | 6.5 MEDIUM | 4.7 MEDIUM |
|
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2013-6719 | 1 Ibm | 1 Tealeaf Cx | 2025-04-12 | 6.0 MEDIUM | N/A |
|
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
|
|||||
| CVE-2013-2090 | 1 Uplawski | 1 Creme Fraiche | 2025-04-12 | 9.3 HIGH | N/A |
|
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2014-8387 | 1 Advantech | 2 Eki-6340, Eki-6340 Firmware | 2025-04-12 | 9.0 HIGH | N/A |
|
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
|
|||||
| CVE-2015-7698 | 1 Owncloud | 2 Owncloud, Smb | 2025-04-12 | 9.0 HIGH | N/A |
|
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
|
|||||
| CVE-2014-2850 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-12 | 8.5 HIGH | N/A |
|
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
|
|||||
| CVE-2015-4718 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 9.0 HIGH | N/A |
|
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
|
|||||
| CVE-2016-6414 | 1 Cisco | 1 Ios | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.
|
|||||
| CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 9.0 HIGH | N/A |
|
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.
|
|||||
| CVE-2015-1388 | 1 Arubanetworks | 1 Arubaos | 2025-04-12 | 7.2 HIGH | N/A |
|
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.
|
|||||
| CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
|
|||||
| CVE-2015-7769 | 1 Basercms | 1 Basercms | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
|
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
|
|||||
| CVE-2025-0255 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | N/A | 7.2 HIGH |
|
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
|
|||||
| CVE-2022-46598 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-11 | N/A | 9.8 CRITICAL |
|
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function.
|
|||||