Total: 4026 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-2612 | 1 Huawei | 2 E587, E587 Firmware | 2024-08-06 | 9.8 Critical |
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. | ||||
CVE-2013-2512 | 1 Ftpd Project | 1 Ftpd | 2024-08-06 | 9.8 Critical |
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. | ||||
CVE-2013-2090 | 1 Uplawski | 1 Creme Fraiche | 2024-08-06 | N/A |
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information. | ||||
CVE-2013-2095 | 1 Openshift-origin-controller Project | 1 Openshift-origin-controller | 2024-08-06 | 9.8 Critical |
rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.parse() to perform command injection | ||||
CVE-2013-2060 | 1 Redhat | 1 Openshift | 2024-08-06 | 9.8 Critical |
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | ||||
CVE-2013-2024 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-08-06 | 8.8 High |
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | ||||
CVE-2013-1933 | 2 Documentcloud, Ruby-lang | 2 Karteek-docsplit, Ruby | 2024-08-06 | N/A |
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename. | ||||
CVE-2013-1668 | 1 Coscms | 1 Coscms | 2024-08-06 | N/A |
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. | ||||
CVE-2013-1599 | 1 Dlink | 34 Dcs-1100, Dcs-1100 Firmware, Dcs-1100l and 31 more | 2024-08-06 | 9.8 Critical |
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface. | ||||
CVE-2013-1616 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2024-08-06 | N/A |
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script. | ||||
CVE-2013-1598 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2024-08-06 | 8.8 High |
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code. | ||||
CVE-2013-1362 | 2 Nagios, Opensuse | 2 Remote Plug In Executor, Opensuse | 2024-08-06 | N/A |
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash. | ||||
CVE-2013-0928 | 1 Emc | 1 Alphastor | 2024-08-06 | N/A |
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | ||||
CVE-2013-0517 | 1 Ibm | 1 Sterling External Authentication Server | 2024-08-06 | 7.8 High |
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code. | ||||
CVE-2014-9938 | 2 Git-scm, Redhat | 2 Git, Enterprise Linux | 2024-08-06 | 8.8 High |
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | ||||
CVE-2014-9284 | 1 Buffalotech | 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more | 2024-08-06 | N/A |
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
CVE-2014-8945 | 1 Piwigo | 1 Lexiglot | 2024-08-06 | 9.8 Critical |
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | ||||
CVE-2014-8651 | 1 Kde | 2 Kde-workspace, Plasma-desktop | 2024-08-06 | N/A |
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. | ||||
CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-08-06 | 9.8 Critical |
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | ||||
CVE-2014-8334 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-08-06 | N/A |
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. |