Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5080 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2024-08-06 | N/A |
| The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | ||||
| CVE-2015-4974 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2024-08-06 | N/A |
| IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | ||||
| CVE-2015-4930 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-08-06 | N/A |
| IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | ||||
| CVE-2015-5003 | 1 Ibm | 1 Tivoli Monitoring | 2024-08-06 | N/A |
| The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | ||||
| CVE-2015-5011 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2024-08-06 | N/A |
| IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | ||||
| CVE-2015-4525 | 1 Emc | 1 Isilon Onefs | 2024-08-06 | N/A |
| The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | ||||
| CVE-2015-4336 | 1 Xcloner | 1 Xcloner | 2024-08-06 | N/A |
| cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file. | ||||
| CVE-2015-4035 | 2 Redhat, Tukaani | 2 Enterprise Linux, Xz | 2024-08-06 | N/A |
| scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. | ||||
| CVE-2015-4046 | 1 Alienvault | 1 Open Source Security Information Management | 2024-08-06 | N/A |
| The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | ||||
| CVE-2015-3716 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
| Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | ||||
| CVE-2015-3678 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
| AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. | ||||
| CVE-2015-3441 | 1 Genexia | 1 Drgos | 2024-08-06 | N/A |
| The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter. | ||||
| CVE-2015-3409 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2024-08-06 | N/A |
| Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. | ||||
| CVE-2015-3408 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2024-08-06 | N/A |
| Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | ||||
| CVE-2015-2857 | 1 Accellion | 1 File Transfer Appliance | 2024-08-06 | 9.8 Critical |
| Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | ||||
| CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2024-08-06 | N/A |
| BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | ||||
| CVE-2015-2746 | 1 Websense | 2 Triton, V-series Appliances | 2024-08-06 | N/A |
| The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | ||||
| CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2024-08-06 | N/A |
| The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | ||||
| CVE-2015-2210 | 1 Epicor | 1 Crs Retail Store | 2024-08-06 | N/A |
| The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell. | ||||
| CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2024-08-06 | N/A |
| The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||