| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer. |
| A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code. |
| A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. |
| The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. |
| The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. |
| Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness |
| Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview |
| The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass |
| Monkey HTTP Daemon: broken user name authentication |
| rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection |
| Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. |
| SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. |
| The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. |
| YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability |
| A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. This affects iSCSI SAN (Windows Native) Version 6.0, build 2013-01-16. |
| Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. |
| yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. |
