Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5008 | 3 Debian, Redhat, Snoopy | 3 Debian Linux, Openstack, Snoopy | 2024-08-06 | N/A |
| Snoopy allows remote attackers to execute arbitrary commands. | ||||
| CVE-2014-5014 | 1 Tinywebgallery | 1 Wordpress Flash Uploader | 2024-08-06 | N/A |
| The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | ||||
| CVE-2014-4677 | 1 Gpgtools | 1 Libmacgpg | 2024-08-06 | N/A |
| The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | ||||
| CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2024-08-06 | N/A |
| The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
| CVE-2014-3741 | 1 Node-printer Project | 1 Node-printer | 2024-08-06 | N/A |
| The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. | ||||
| CVE-2014-3556 | 1 F5 | 1 Nginx | 2024-08-06 | N/A |
| The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | ||||
| CVE-2014-3593 | 2 Redhat, Scientificlinux | 2 Enterprise Linux, Luci | 2024-08-06 | N/A |
| Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | ||||
| CVE-2014-3524 | 2 Apache, Libreoffice | 2 Openoffice, Libreoffice | 2024-08-06 | N/A |
| Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | ||||
| CVE-2014-3114 | 1 Ezpz-one-click-backup Project | 1 Ezpz-one-click-backup | 2024-08-06 | N/A |
| The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. | ||||
| CVE-2014-1905 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2024-08-06 | N/A |
| Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | ||||
| CVE-2014-1834 | 1 Echor Project | 1 Echor | 2024-08-06 | N/A |
| The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | ||||
| CVE-2014-1203 | 1 Eyou | 1 Eyou | 2024-08-06 | 9.8 Critical |
| The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. | ||||
| CVE-2015-20107 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2024-08-06 | 7.6 High |
| In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | ||||
| CVE-2015-10096 | 1 Irc Twitter Announcer Bot Project | 1 Irc Twitter Announcer Bot | 2024-08-06 | 5 Medium |
| A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.1.1 is able to address this issue. The patch is named 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383. | ||||
| CVE-2015-20108 | 1 Onelogin | 1 Ruby-saml | 2024-08-06 | 9.8 Critical |
| xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | ||||
| CVE-2015-8971 | 2 Debian, Enlightenment | 2 Debian Linux, Terminology | 2024-08-06 | 7.8 High |
| Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | ||||
| CVE-2015-9059 | 1 Picocom Project | 1 Picocom | 2024-08-06 | N/A |
| picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. | ||||
| CVE-2015-8988 | 1 Mcafee | 1 Epo Deep Command | 2024-08-06 | N/A |
| Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. | ||||
| CVE-2015-8969 | 1 Squareup | 1 Git-fastclone | 2024-08-06 | 9.8 Critical |
| git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library. | ||||
| CVE-2015-8968 | 1 Squareup | 1 Git-fastclone | 2024-08-06 | 8.8 High |
| git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | ||||