Total
2218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7839 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-12 | 7.5 HIGH | N/A |
| SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. | |||||
| CVE-2015-1949 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | 10.0 HIGH | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | |||||
| CVE-2016-0326 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | |||||
| CVE-2015-2746 | 1 Websense | 2 Triton, V-series Appliances | 2025-04-12 | 6.5 MEDIUM | N/A |
| The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | |||||
| CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2025-04-12 | 7.5 HIGH | N/A |
| The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||||
| CVE-2015-5190 | 1 Pacemaker\/corosync Configuration System Project | 1 Pacemaker\/corosync Configuration System | 2025-04-12 | 8.5 HIGH | N/A |
| The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |||||
| CVE-2015-8968 | 1 Squareup | 1 Git-fastclone | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | |||||
| CVE-2014-8515 | 1 Bittorrent | 1 Bittorrent | 2025-04-12 | 6.8 MEDIUM | N/A |
| The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | |||||
| CVE-2016-2397 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | |||||
| CVE-2015-4974 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2025-04-12 | 7.2 HIGH | N/A |
| IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | |||||
| CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | |||||
| CVE-2014-3524 | 2 Apache, Libreoffice | 2 Openoffice, Libreoffice | 2025-04-12 | 9.3 HIGH | N/A |
| Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | |||||
| CVE-2016-3081 | 2 Apache, Oracle | 2 Struts, Siebel E-billing | 2025-04-12 | 9.3 HIGH | 8.1 HIGH |
| Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. | |||||
| CVE-2015-0857 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||||
| CVE-2015-1561 | 1 Centreon | 1 Centreon | 2025-04-12 | 6.5 MEDIUM | N/A |
| The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | |||||
| CVE-2014-9277 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | 7.5 HIGH | N/A |
| The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. | |||||
| CVE-2015-8969 | 1 Squareup | 1 Git-fastclone | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library. | |||||
| CVE-2016-6367 | 1 Cisco | 30 Adaptive Security Appliance Software, Asa 5500, Asa 5500-x and 27 more | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. | |||||
| CVE-2015-5011 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | 3.2 LOW | N/A |
| IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | |||||
| CVE-2013-7418 | 1 Ipcop | 1 Ipcop | 2025-04-12 | 6.5 MEDIUM | N/A |
| cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. | |||||