Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0985 | 2 Openpkg, Php | 2 Openpkg, Php | 2024-02-13 | 7.5 HIGH | N/A |
| Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. | |||||
| CVE-2001-0667 | 1 Microsoft | 1 Internet Explorer | 2024-02-13 | 7.5 HIGH | N/A |
| Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150. | |||||
| CVE-2001-0150 | 1 Microsoft | 1 Internet Explorer | 2024-02-13 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. | |||||
| CVE-1999-0113 | 1 Ibm | 1 Aix | 2024-02-13 | 10.0 HIGH | N/A |
| Some implementations of rlogin allow root access if given a -froot parameter. | |||||
| CVE-2006-1865 | 1 Beagle Project | 1 Beagle | 2024-02-13 | 7.5 HIGH | N/A |
| Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing. | |||||
| CVE-2005-4699 | 1 Kimihia | 1 Tellme | 2024-02-13 | 6.4 MEDIUM | N/A |
| Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. | |||||
| CVE-2004-0480 | 1 Ibm | 1 Lotus Notes | 2024-02-13 | 10.0 HIGH | N/A |
| Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe. | |||||
| CVE-2004-0489 | 1 Apple | 1 Mac Os X | 2024-02-13 | 7.6 HIGH | N/A |
| Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. | |||||
| CVE-2006-2056 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2024-02-13 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-2057 | 1 Mozilla | 1 Firefox | 2024-02-13 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-2058 | 1 Avantbrowser | 1 Avant Browser | 2024-02-13 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-2055 | 1 Microsoft | 1 Outlook | 2024-02-13 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-6597 | 1 Hilgraeve | 1 Hyperaccess | 2024-02-13 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe. | |||||
| CVE-2006-4692 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-02-13 | 5.1 MEDIUM | N/A |
| Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability." | |||||
| CVE-2006-3015 | 1 Winscp | 1 Winscp | 2024-02-13 | 7.1 HIGH | N/A |
| Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI. | |||||
| CVE-2006-2312 | 2 Microsoft, Skype | 2 Windows, Skype | 2024-02-13 | 2.6 LOW | N/A |
| Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches. | |||||
| CVE-2024-20287 | 1 Cisco | 2 Wap371, Wap371 Firmware | 2024-02-02 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device. | |||||
| CVE-2023-20260 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-02-02 | N/A | 6.7 MEDIUM |
| A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system. | |||||
| CVE-2024-23731 | 1 Embedchain | 1 Embedchain | 2024-01-26 | N/A | 9.8 CRITICAL |
| The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. | |||||
| CVE-2023-20224 | 1 Cisco | 1 Thousandeyes Enterprise Agent | 2024-01-25 | N/A | 7.8 HIGH |
| A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this vulnerability by authenticating to an affected device and using crafted commands at the prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. The attacker must have valid credentials on the affected device. | |||||