Total
4964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0412 | 1 Systemtap | 1 Systemtap | 2025-04-11 | N/A |
| stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273. | ||||
| CVE-2013-2617 | 1 Curl Project | 1 Curl | 2025-04-11 | N/A |
| lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | ||||
| CVE-2011-1018 | 2 Logwatch, Redhat | 2 Logwatch, Enterprise Linux | 2025-04-11 | N/A |
| logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server. | ||||
| CVE-2011-4502 | 4 Canyon-tech, Edimax, Sitecom and 1 more | 12 Cn-wf512, Cn-wf512 Router Firmware, Cn-wf514 and 9 more | 2025-04-11 | N/A |
| The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2013-3365 | 1 Trendnet | 1 Tew-812dru | 2025-04-11 | N/A |
| TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098. | ||||
| CVE-2013-2578 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2025-04-11 | N/A |
| cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. | ||||
| CVE-2011-0381 | 1 Cisco | 1 Telepresence Manager | 2025-04-11 | N/A |
| Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085. | ||||
| CVE-2012-4108 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554. | ||||
| CVE-2013-7104 | 1 Mcafee | 1 Email Gateway | 2025-04-11 | N/A |
| McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | ||||
| CVE-2013-3444 | 1 Cisco | 8 Application And Content Networking System Software, Enterprise Content Delivery Network Software, Internet Streamer Content Delivery System and 5 more | 2025-04-11 | N/A |
| The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790. | ||||
| CVE-2013-7103 | 1 Mcafee | 1 Email Gateway | 2025-04-11 | N/A |
| McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands. | ||||
| CVE-2013-5667 | 1 Thecus | 2 N8800 Nas Server, N8800 Nas Server Firmware | 2025-04-11 | N/A |
| The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. | ||||
| CVE-2013-4781 | 1 Siemens | 2 Enterprise Openscape Branch, Openscape Session Border Controller | 2025-04-11 | N/A |
| core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2013-4457 | 1 Thoughtbot | 1 Cocaine | 2025-04-11 | N/A |
| The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation. | ||||
| CVE-2013-5703 | 1 Draytek | 2 Vigor 2700 Router, Vigor 2700 Router Firmware | 2025-04-11 | N/A |
| The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. | ||||
| CVE-2013-1616 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | ||||
| CVE-2013-1362 | 2 Nagios, Opensuse | 2 Remote Plug In Executor, Opensuse | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash. | ||||
| CVE-2013-0928 | 1 Emc | 1 Alphastor | 2025-04-11 | N/A |
| The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | ||||
| CVE-2012-2140 | 2 Cloudforms Cloudengine, Rubygems | 2 1, Mail Gem | 2025-04-11 | N/A |
| The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. | ||||
| CVE-2012-6602 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122. | ||||