Total
4662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7769 | 1 Basercms | 1 Basercms | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2014-6271 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | |||||
| CVE-2015-7901 | 1 Infinite Automation Systems | 1 Mango Automation | 2025-04-12 | 6.5 MEDIUM | N/A |
| Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-6631 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 8.5 HIGH | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2015-7426 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2025-04-12 | 10.0 HIGH | 10.0 CRITICAL |
| The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2013-6719 | 1 Ibm | 1 Tealeaf Cx | 2025-04-12 | 6.0 MEDIUM | N/A |
| delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter. | |||||
| CVE-2015-7774 | 2 Pc-egg, Php | 2 Pwebmanager, Php | 2025-04-12 | 6.5 MEDIUM | N/A |
| PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |||||
| CVE-2016-1141 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2025-04-12 | 6.5 MEDIUM | 4.7 MEDIUM |
| KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2014-8334 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2025-04-12 | 6.5 MEDIUM | N/A |
| The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. | |||||
| CVE-2016-1297 | 1 Cisco | 1 Application Control Engine Software | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | |||||
| CVE-2016-2876 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 8.5 HIGH | 7.5 HIGH |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | |||||
| CVE-2016-4853 | 1 Akabei Soft2 | 1 Happy Wardrobe | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. | |||||
| CVE-2015-2980 | 1 Yodobashi | 1 Yodobashi | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document. | |||||
| CVE-2015-4183 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | |||||
| CVE-2014-3121 | 1 Marc Lehmann | 1 Rxvt-unicode | 2025-04-12 | 7.6 HIGH | N/A |
| rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | |||||
| CVE-2014-2967 | 1 Autodesk | 1 Vred | 2025-04-12 | 10.0 HIGH | N/A |
| Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. | |||||
| CVE-2016-3028 | 1 Ibm | 2 Security Access Manager, Security Access Manager For Web | 2025-04-12 | 9.0 HIGH | 9.1 CRITICAL |
| IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access. | |||||
| CVE-2014-3360 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586. | |||||
| CVE-2015-4244 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-12 | 7.2 HIGH | N/A |
| The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278. | |||||
| CVE-2016-1320 | 1 Cisco | 1 Prime Collaboration | 2025-04-12 | 6.8 MEDIUM | 6.7 MEDIUM |
| The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. | |||||