Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1468 | 1 Cisco | 1 Telepresence Video Communication Server | 2017-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | |||||
| CVE-2017-12581 | 1 Electron | 1 Electron | 2017-08-14 | 9.3 HIGH | 8.1 HIGH |
| GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call. | |||||
| CVE-2017-2281 | 1 Iodata | 2 Wn-ax1167gr, Wn-ax1167gr Firmware | 2017-08-08 | 8.3 HIGH | 8.8 HIGH |
| WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2008-4304 | 1 Phpcollab | 1 Phpcollab | 2017-08-08 | 10.0 HIGH | N/A |
| general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells. | |||||
| CVE-2008-3076 | 1 Vim | 1 Vim | 2017-08-08 | 9.3 HIGH | N/A |
| The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. | |||||
| CVE-2017-11318 | 1 Cobiansoft | 1 Cobian Backup | 2017-08-07 | 6.8 MEDIUM | 8.1 HIGH |
| Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | |||||
| CVE-2016-6414 | 1 Cisco | 1 Ios | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | |||||
| CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2017-07-30 | 9.0 HIGH | 7.2 HIGH |
| The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
| CVE-2016-1482 | 1 Cisco | 1 Webex Meetings Server | 2017-07-30 | 9.3 HIGH | 8.1 HIGH |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. | |||||
| CVE-2016-6459 | 1 Cisco | 1 Telepresence Tc Software | 2017-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. | |||||
| CVE-2007-4673 | 1 Apple | 1 Quicktime | 2017-07-29 | 9.3 HIGH | N/A |
| Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. | |||||
| CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2017-07-29 | 7.5 HIGH | N/A |
| The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | |||||
| CVE-2004-2732 | 1 Netbilling | 1 Netbilling | 2017-07-29 | 4.3 MEDIUM | N/A |
| nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key. | |||||
| CVE-2017-1318 | 1 Ibm | 1 Mq Appliance | 2017-07-28 | 9.0 HIGH | 8.8 HIGH |
| IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | |||||
| CVE-2017-2275 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2017-07-26 | 9.0 HIGH | 7.2 HIGH |
| WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-3796 | 1 Cisco | 1 Webex Meetings Server | 2017-07-26 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. | |||||
| CVE-2017-1253 | 1 Ibm | 1 Security Guardium | 2017-07-17 | 6.5 MEDIUM | 9.9 CRITICAL |
| IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. | |||||
| CVE-2017-2183 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2017-07-14 | 5.2 MEDIUM | 8.0 HIGH |
| HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. | |||||
| CVE-2017-2185 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2017-07-14 | 5.2 MEDIUM | 8.8 HIGH |
| HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. | |||||
| CVE-2017-2237 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2017-07-14 | 10.0 HIGH | 9.8 CRITICAL |
| Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||