Total
4757 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | ||||
| CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | ||||
| CVE-2009-4644 | 1 Accellion | 1 Secure File Transfer Appliance | 2025-04-11 | N/A |
| Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program. | ||||
| CVE-2010-0418 | 1 Chumby | 2 Chumby Classic, Chumby One | 2025-04-11 | N/A |
| The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request. | ||||
| CVE-2010-1423 | 1 Oracle | 2 Jdk, Jre | 2025-04-11 | N/A |
| Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-2986 | 1 Hp | 2 San\/iq, Virtual San Appliance | 2025-04-11 | N/A |
| lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. | ||||
| CVE-2010-3753 | 2 Redhat, Xelerance | 2 Enterprise Linux, Openswan | 2025-04-11 | N/A |
| programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308. | ||||
| CVE-2010-3757 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-11 | N/A |
| Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. NOTE: this might overlap CVE-2010-3059. | ||||
| CVE-2011-0378 | 1 Cisco | 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more | 2025-04-11 | N/A |
| The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587. | ||||
| CVE-2012-6598 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33080. | ||||
| CVE-2013-1947 | 2 Kelly D. Redding, Ruby-lang | 2 Kelredd-pruview, Ruby | 2025-04-11 | N/A |
| kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. | ||||
| CVE-2013-1933 | 2 Documentcloud, Ruby-lang | 2 Karteek-docsplit, Ruby | 2025-04-11 | N/A |
| The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename. | ||||
| CVE-2013-1362 | 2 Nagios, Opensuse | 2 Remote Plug In Executor, Opensuse | 2025-04-11 | N/A |
| Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash. | ||||
| CVE-2013-0804 | 1 Novell | 1 Groupwise | 2025-04-11 | N/A |
| The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors. | ||||
| CVE-2010-1132 | 1 Georg Greve | 1 Spamassassin Milter Plugin | 2025-04-11 | N/A |
| The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. | ||||
| CVE-2012-6605 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896. | ||||
| CVE-2012-6604 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249. | ||||
| CVE-2012-1795 | 1 Webglimpse | 1 Webglimpse | 2025-04-11 | N/A |
| webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. | ||||
| CVE-2012-4011 | 1 Cybozu | 1 Kunai | 2025-04-11 | N/A |
| The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | ||||
| CVE-2012-2516 | 1 Ge | 5 Intelligent Platforms Proficy Batch Execution, Intelligent Platforms Proficy Historian, Intelligent Platforms Proficy Hmi\/scada Ifix and 2 more | 2025-04-11 | N/A |
| An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." | ||||