Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7175 | 1 Nfsen | 1 Nfsen | 2017-07-13 | 9.0 HIGH | 9.9 CRITICAL |
| NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field). | |||||
| CVE-2017-6606 | 1 Cisco | 1 Ios Xe | 2017-07-12 | 6.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. | |||||
| CVE-2017-6597 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2017-07-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). | |||||
| CVE-2002-1660 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 7.5 HIGH | N/A |
| calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. | |||||
| CVE-2017-6712 | 1 Cisco | 1 Elastic Services Controller | 2017-07-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634. | |||||
| CVE-2017-6707 | 1 Cisco | 1 Staros | 2017-07-08 | 7.2 HIGH | 8.2 HIGH |
| A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. | |||||
| CVE-2016-1000216 | 1 Ruckus | 1 Wireless H500 | 2017-07-07 | 9.0 HIGH | 8.8 HIGH |
| Ruckus Wireless H500 web management interface authenticated command injection | |||||
| CVE-2016-6631 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 8.5 HIGH | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2015-8557 | 2 Canonical, Pygments | 2 Ubuntu Linux, Pygments | 2017-07-01 | 9.3 HIGH | 9.0 CRITICAL |
| The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | |||||
| CVE-2017-6683 | 1 Cisco | 1 Elastic Services Controller | 2017-06-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-6682 | 1 Cisco | 1 Elastic Services Controller | 2017-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2016-7819 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2017-06-16 | 9.0 HIGH | 7.2 HIGH |
| I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-7806 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2017-06-15 | 10.0 HIGH | 9.8 CRITICAL |
| I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-8768 | 1 Atlassian | 1 Sourcetree | 2017-05-17 | 10.0 HIGH | 9.8 CRITICAL |
| Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. | |||||
| CVE-2017-2112 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam\/poe, Ts-ptcam\/poe Firmware and 11 more | 2017-05-11 | 8.3 HIGH | 8.8 HIGH |
| TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-2152 | 1 Buffalo Inc | 2 Wnc01wh, Wnc01wh Firmware | 2017-05-06 | 5.2 MEDIUM | 6.8 MEDIUM |
| WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-2128 | 1 Information-technology Promotion Agency | 1 Introduction To Safe Website Operation | 2017-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | |||||
| CVE-2017-2141 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2017-05-05 | 9.0 HIGH | 7.2 HIGH |
| WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-5313 | 1 Symantec | 1 Web Gateway | 2017-04-20 | 9.0 HIGH | 8.8 HIGH |
| Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||||
| CVE-2017-6884 | 1 Zyxel | 2 Emg2926, Emg2926 Firmware | 2017-04-12 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | |||||