Total
3877 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-6595 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-06 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595. | ||||
CVE-2012-6591 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-06 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116. | ||||
CVE-2012-6600 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-06 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502. | ||||
CVE-2012-6592 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-06 | N/A |
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091. | ||||
CVE-2012-6601 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-06 | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983. | ||||
CVE-2012-5878 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2024-08-06 | 9.8 Critical |
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl. | ||||
CVE-2012-5693 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2024-08-06 | 8.8 High |
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878. | ||||
CVE-2012-5646 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-08-06 | N/A |
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. | ||||
CVE-2012-4981 | 1 Toshiba | 1 Configfree | 2024-08-06 | 8.8 High |
Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability | ||||
CVE-2012-4177 | 1 Ubi | 1 Uplay Pc | 2024-08-06 | N/A |
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument. | ||||
CVE-2012-4075 | 1 Cisco | 1 Nx-os | 2024-08-06 | N/A |
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. | ||||
CVE-2024-7467 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2024-08-06 | 6.3 Medium |
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273560. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-7470 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2024-08-06 | 6.3 Medium |
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2012-3366 | 1 Anl | 1 Bcfg2 | 2024-08-06 | N/A |
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server). | ||||
CVE-2012-2976 | 1 Symantec | 1 Web Gateway | 2024-08-06 | N/A |
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. | ||||
CVE-2012-3001 | 1 Mutiny | 1 Standard | 2024-08-06 | N/A |
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability." | ||||
CVE-2012-2953 | 1 Symantec | 1 Web Gateway | 2024-08-06 | N/A |
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. | ||||
CVE-2012-2607 | 1 Johnsoncontrols | 2 Network Controller, Network Controller Firmware | 2024-08-06 | N/A |
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | ||||
CVE-2012-2395 | 2 Michael Dehaan, Redhat | 2 Cobbler, Network Satellite | 2024-08-06 | N/A |
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API. | ||||
CVE-2012-2140 | 2 Cloudforms Cloudengine, Rubygems | 2 1, Mail Gem | 2024-08-06 | N/A |
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. |