Total: 3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14839 | 1 Lg | 2 N1a1, N1a1 Firmware | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. | |||||
| CVE-2018-12465 | 1 Microfocus | 1 Secure Messaging Gateway | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | |||||
| CVE-2018-11805 | 2 Apache, Debian | 2 Spamassassin, Debian Linux | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places. | |||||
| CVE-2018-1000666 | 2 Gig, Openvcloud Project | 2 Jumpscale, Openvcloud | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; improper validation of parameters results in command execution. This attack appears to be exploitable via network connectivity and requires minimal auth privileges (everyone can register an account). This vulnerability appears to have been fixed after commit 15443122ed2b1cbfd7bdefc048bf106f075becdb. | |||||
| CVE-2018-1000006 | 2 Atom, Microsoft | 4 Electron, Windows 10, Windows 7 and 1 more | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier have a vulnerability in the protocol handler; specifically, Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. | |||||
| CVE-2017-9274 | 1 Opensuse | 1 Obs-service-source Validator | 2023-11-07 | 9.3 HIGH | 7.8 HIGH |
| A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | |||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | |||||
| CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | |||||
| CVE-2017-14867 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. | |||||
| CVE-2017-12636 | 1 Apache | 1 Couchdb | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. | |||||
| CVE-2017-1000487 | 2 Debian, Plexus-utils Project | 2 Debian Linux, Plexus-utils | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | |||||
| CVE-2016-7844 | 1 Gigaccsecure | 1 Gigacc Office | 2023-11-07 | 6.0 MEDIUM | 5.5 MEDIUM |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. | |||||
| CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | |||||
| CVE-2014-9727 | 1 Avm | 1 Fritz!box | 2023-11-07 | 10.0 HIGH | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | |||||
| CVE-2014-0593 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server. | |||||
| CVE-2013-7285 | 1 Xstream Project | 1 Xstream | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON. | |||||
| CVE-2013-6041 | 1 Softaculous | 1 Webuzo | 2023-11-07 | 7.5 HIGH | N/A |
| index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. | |||||
| CVE-2011-3178 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| In the web UI of the Open Build Service before 2.3.0, a code injection in the project rebuildtimes statistics could be used by authorized attackers to execute shellcode. | |||||
| CVE-2023-46306 | 1 Netmodule | 9 Nb1601, Nb1800, Nb1810 and 6 more | 2023-11-02 | N/A | 6.6 MEDIUM |
| The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105. | |||||
| CVE-2023-31425 | 1 Broadcom | 1 Fabric Operating System | 2023-11-02 | N/A | 7.8 HIGH |
| A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, "root" account access is disabled. | |||||
