Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25890 | 1 Wifey Project | 1 Wifey | 2025-04-09 | N/A | 7.4 HIGH |
|
All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.
|
|||||
| CVE-2008-6554 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2025-04-09 | 10.0 HIGH | N/A |
|
cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
|
|||||
| CVE-2009-1916 | 1 Gscripts | 1 Dns Tools | 2025-04-09 | 10.0 HIGH | N/A |
|
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
|
|||||
| CVE-2008-2575 | 2 Fedoraproject, Jcoppens | 2 Fedora, Cbrpager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
|
|||||
| CVE-2008-5718 | 1 Netatalk | 1 Netatalk | 2025-04-09 | 9.3 HIGH | N/A |
|
The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
|
|||||
| CVE-2009-2288 | 1 Nagios | 1 Nagios | 2025-04-09 | 7.5 HIGH | N/A |
|
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
|
|||||
| CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2025-04-09 | 7.2 HIGH | N/A |
|
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process.
|
|||||
| CVE-2007-4560 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.6 HIGH | N/A |
|
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
|
|||||
| CVE-2009-1792 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
|
|||||
| CVE-2008-3074 | 1 Vim | 2 Tar.vim, Vim | 2025-04-09 | 9.3 HIGH | N/A |
|
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because ...
Show More |
|||||
| CVE-2007-5322 | 1 Microsoft | 1 Visual Foxpro | 2025-04-09 | 7.5 HIGH | N/A |
|
Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.
|
|||||
| CVE-2009-4025 | 1 Pear | 1 Pear | 2025-04-09 | 10.0 HIGH | N/A |
|
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6669 | 1 Dirk Bartley | 1 Nweb2fax | 2025-04-09 | 7.5 HIGH | N/A |
|
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
|
|||||
| CVE-2008-3076 | 1 Vim | 1 Vim | 2025-04-09 | 9.3 HIGH | N/A |
|
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
|
|||||
| CVE-2007-5653 | 1 Php | 1 Php | 2025-04-09 | 9.3 HIGH | N/A |
|
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.d ...
Show More |
|||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
|
|||||
| CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
|
|||||
| CVE-2008-4304 | 1 Phpcollab | 1 Phpcollab | 2025-04-09 | 10.0 HIGH | N/A |
|
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.
|
|||||
| CVE-2008-6235 | 1 Vim | 1 Vim | 2025-04-09 | 9.3 HIGH | N/A |
|
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
|
|||||
| CVE-2008-1115 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
|
|||||
| CVE-2009-2011 | 2 Dxstudio, Mozilla | 2 Dx Studio Player, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
|
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
|
|||||
| CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2025-04-09 | 7.5 HIGH | N/A |
|
The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.
|
|||||
| CVE-2007-4891 | 1 Microsoft | 1 Visual Studio | 2025-04-09 | 6.8 MEDIUM | N/A |
|
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
|
|||||
| CVE-2009-0854 | 1 Dash | 1 Dash | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory.
|
|||||
| CVE-2008-2475 | 1 Ebay | 1 Enhanced Picture Uploader Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
|
eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.
|
|||||
| CVE-2007-4673 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
|
|||||
| CVE-2009-0848 | 1 Opensuse | 1 Opensuse | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path."
|
|||||
| CVE-2008-7125 | 1 Ariadne-cms | 1 Ariadne Cms | 2025-04-09 | 9.0 HIGH | N/A |
|
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-7158 | 1 Numarasoftware | 1 Footprints | 2025-04-09 | 10.0 HIGH | N/A |
|
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3233 | 1 Cameron Morland | 1 Changetrack | 2025-04-09 | 7.2 HIGH | N/A |
|
changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.
|
|||||
| CVE-2008-5516 | 3 Git, Git-scm, Rpath | 3 Git, Git, Linux | 2025-04-09 | 7.5 HIGH | N/A |
|
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.
|
|||||
| CVE-2008-4796 | 4 Debian, Nagios, Snoopy Project and 1 more | 4 Debian Linux, Nagios, Snoopy and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
|
|||||
| CVE-2022-48252 | 1 Pi.alert Project | 1 Pi.alert | 2025-04-08 | N/A | 9.8 CRITICAL |
|
The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection.
|
|||||
| CVE-2022-2251 | 1 Gitlab | 1 Runner | 2025-04-08 | N/A | 4.8 MEDIUM |
|
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
|
|||||
| CVE-2025-27078 | 2025-04-08 | N/A | 6.5 MEDIUM | ||
|
A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise.
|
|||||
| CVE-2025-3361 | 2025-04-08 | N/A | 9.8 CRITICAL | ||
|
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
|
|||||
| CVE-2025-3363 | 2025-04-08 | N/A | 9.8 CRITICAL | ||
|
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
|
|||||
| CVE-2025-27079 | 2025-04-08 | N/A | 6.0 MEDIUM | ||
|
A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). Successful exploitation could allow an attacker to execute arbitrary operating system commands on the underlying operating system leading to potential system compromise.
|
|||||
| CVE-2025-3362 | 2025-04-08 | N/A | 9.8 CRITICAL | ||
|
The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
|
|||||
| CVE-2024-30645 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-08 | N/A | 8.0 HIGH |
|
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.
|
|||||