Total
5072 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9091 | 1 Bluecoat | 2 Advanced Secure Gateway, Content Analysis System Software | 2025-04-20 | N/A |
| Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. | ||||
| CVE-2017-2128 | 1 Information-technology Promotion Agency | 1 Introduction To Safe Website Operation | 2025-04-20 | N/A |
| Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | ||||
| CVE-2017-15924 | 2 Debian, Shadowsocks | 2 Debian Linux, Shadowsocks-libev | 2025-04-20 | N/A |
| In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | ||||
| CVE-2017-2112 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam\/poe, Ts-ptcam\/poe Firmware and 11 more | 2025-04-20 | N/A |
| TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-2096 | 1 Smalruby | 1 Smalruby-editor | 2025-04-20 | 9.8 Critical |
| smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-16926 | 1 Ohcount Project | 1 Ohcount | 2025-04-20 | N/A |
| Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount. | ||||
| CVE-2017-16641 | 1 Cacti | 1 Cacti | 2025-04-20 | N/A |
| lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | ||||
| CVE-2017-15226 | 1 Zyxel | 2 Nbg6716, Nbg6716 Firmware | 2025-04-20 | N/A |
| Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | ||||
| CVE-2017-15103 | 2 Heketi Project, Redhat | 3 Heketi, Enterprise Linux, Storage | 2025-04-20 | N/A |
| A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | ||||
| CVE-2017-12243 | 1 Cisco | 9 Firepower 4100 Next-generation Firewall Firmware, Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall and 6 more | 2025-04-20 | N/A |
| A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078. | ||||
| CVE-2017-14867 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2025-04-20 | N/A |
| Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. | ||||
| CVE-2017-1453 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2025-04-20 | N/A |
| IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372. | ||||
| CVE-2017-14500 | 1 Newsbeuter | 1 Newsbeuter | 2025-04-20 | N/A |
| Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. | ||||
| CVE-2017-14100 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-20 | N/A |
| In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. | ||||
| CVE-2017-14001 | 1 Digium | 1 Asterisk Gui | 2025-04-20 | N/A |
| An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. | ||||
| CVE-2017-13713 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2025-04-20 | N/A |
| T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | ||||
| CVE-2017-11566 | 1 Appsec-labs | 1 Appuse | 2025-04-20 | 7.8 High |
| AppUse 4.0 allows shell command injection via a proxy field. | ||||
| CVE-2017-11395 | 1 Trendmicro | 1 Smart Protection Server | 2025-04-20 | N/A |
| Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | ||||
| CVE-2017-11381 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | N/A |
| A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console. | ||||
| CVE-2017-11366 | 1 Codiad | 1 Codiad | 2025-04-20 | N/A |
| components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | ||||