Total
4218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2148 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 10.0 HIGH | N/A |
| Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an "OS command injection" issue. | |||||
| CVE-2011-0456 | 1 Otrs | 1 Otrs | 2025-04-11 | 7.5 HIGH | N/A |
| webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | |||||
| CVE-2013-3444 | 1 Cisco | 8 Application And Content Networking System Software, Enterprise Content Delivery Network Software, Internet Streamer Content Delivery System and 5 more | 2025-04-11 | 9.0 HIGH | N/A |
| The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. | |||||
| CVE-2010-1885 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2025-04-11 | 9.3 HIGH | N/A |
| The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." | |||||
| CVE-2013-6881 | 1 Cru-inc | 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware | 2025-04-11 | 10.0 HIGH | N/A |
| CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task. | |||||
| CVE-2012-3366 | 1 Anl | 1 Bcfg2 | 2025-04-11 | 9.0 HIGH | N/A |
| The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server). | |||||
| CVE-2013-3365 | 1 Trendnet | 1 Tew-812dru | 2025-04-11 | 8.5 HIGH | N/A |
| TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098. | |||||
| CVE-2013-5946 | 1 Dlink | 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more | 2025-04-11 | 10.0 HIGH | N/A |
| The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section. | |||||
| CVE-2013-4457 | 1 Thoughtbot | 1 Cocaine | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. | |||||
| CVE-2011-0375 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2025-04-11 | 9.0 HIGH | N/A |
| The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671. | |||||
| CVE-2013-3576 | 1 Hp | 1 System Management Homepage | 2025-04-11 | 9.0 HIGH | N/A |
| ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. | |||||
| CVE-2011-0381 | 1 Cisco | 1 Telepresence Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. | |||||
| CVE-2010-4278 | 1 Artica | 1 Pandora Fms | 2025-04-11 | 9.0 HIGH | N/A |
| operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | |||||
| CVE-2012-2607 | 1 Johnsoncontrols | 2 Network Controller, Network Controller Firmware | 2025-04-11 | 7.5 HIGH | N/A |
| The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | |||||
| CVE-2012-3074 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2025-04-11 | 8.3 HIGH | N/A |
| An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. | |||||
| CVE-2013-5703 | 1 Draytek | 2 Vigor 2700 Router, Vigor 2700 Router Firmware | 2025-04-11 | 6.8 MEDIUM | N/A |
| The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | |||||
| CVE-2010-2445 | 1 Freeciv | 1 Freeciv | 2025-04-11 | 10.0 HIGH | N/A |
| freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions. | |||||
| CVE-2012-3075 | 1 Cisco | 11 Telepresence System 1300 65, Telepresence System 3000, Telepresence System 3010 and 8 more | 2025-04-11 | 9.0 HIGH | N/A |
| The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. | |||||
| CVE-2013-4781 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2025-04-11 | 10.0 HIGH | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2010-3753 | 1 Xelerance | 1 Openswan | 2025-04-11 | 6.5 MEDIUM | N/A |
| programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308. | |||||