Total
5056 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11061 | 1 Xerox | 50 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 47 more | 2024-11-21 | 9.8 Critical |
| Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | ||||
| CVE-2016-11054 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2024-11-21 | 7.2 High |
| NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory. | ||||
| CVE-2016-11022 | 1 Netgear | 6 Prosafe Wc7520, Prosafe Wc7520 Firmware, Prosafe Wc7600 and 3 more | 2024-11-21 | 7.2 High |
| NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | ||||
| CVE-2016-11017 | 1 Akips | 1 Network Monitor | 2024-11-21 | 9.8 Critical |
| The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6. | ||||
| CVE-2016-10729 | 3 Debian, Redhat, Zmanda | 3 Debian Linux, Enterprise Linux, Amanda | 2024-11-21 | N/A |
| An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | ||||
| CVE-2016-10709 | 1 Pfsense | 1 Pfsense | 2024-11-21 | N/A |
| pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | ||||
| CVE-2016-10541 | 1 Shell-quote Project | 1 Shell-quote | 2024-11-21 | 9.8 Critical |
| The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | ||||
| CVE-2016-0291 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | N/A |
| IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302. | ||||
| CVE-2015-4117 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | ||||
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 8.8 High |
| A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | ||||
| CVE-2015-2201 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | 7.2 High |
| Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | ||||
| CVE-2014-8945 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 9.8 Critical |
| admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | ||||
| CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 9.8 Critical |
| Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | ||||
| CVE-2014-8126 | 2 Redhat, Wisc | 2 Enterprise Mrg, Htcondor | 2024-11-21 | 8.8 High |
| The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. | ||||
| CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 9 Bsd Mailx, Debian Linux, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
| BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | ||||
| CVE-2014-7173 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 9.8 Critical |
| FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | ||||
| CVE-2014-4981 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 9.8 Critical |
| LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | ||||
| CVE-2014-2727 | 1 Trustwave | 1 Mailmarshal | 2024-11-21 | 9.8 Critical |
| The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. | ||||
| CVE-2014-2650 | 1 Atos | 30 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 27 more | 2024-11-21 | 9.8 Critical |
| Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface | ||||
| CVE-2014-0593 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server. | ||||