Total
4026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0659 | 1 Cisco | 6 Rvs4000, Rvs4000 Firmware, Wap4410n and 3 more | 2024-08-06 | N/A |
| The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685. | ||||
| CVE-2014-0359 | 1 Xangati | 2 Xangati Software Release, Xangati Xnr | 2024-08-06 | N/A |
| Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer. | ||||
| CVE-2014-0356 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2024-08-06 | N/A |
| The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command. | ||||
| CVE-2014-0233 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
| Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | ||||
| CVE-2014-0162 | 2 Openstack, Redhat | 3 Icehouse, Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
| The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location. | ||||
| CVE-2014-0163 | 1 Redhat | 1 Openshift | 2024-08-06 | 8.8 High |
| Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | ||||
| CVE-2014-0156 | 1 Manageiq | 1 Awesomespawn | 2024-08-06 | 9.8 Critical |
| Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command. | ||||
| CVE-2014-0007 | 2 Redhat, Theforeman | 4 Openstack, Satellite, Satellite Capsule and 1 more | 2024-08-06 | N/A |
| The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | ||||
| CVE-2015-8557 | 2 Canonical, Pygments | 2 Ubuntu Linux, Pygments | 2024-08-06 | N/A |
| The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | ||||
| CVE-2015-8151 | 1 Symantec | 1 Encryption Management Server | 2024-08-06 | N/A |
| Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. | ||||
| CVE-2015-8024 | 1 Mcafee | 1 Mcafee Enterprise Security Manager | 2024-08-06 | N/A |
| McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password. | ||||
| CVE-2015-7901 | 1 Infinite Automation Systems | 1 Mango Automation | 2024-08-06 | N/A |
| Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-7769 | 1 Basercms | 1 Basercms | 2024-08-06 | N/A |
| baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-7774 | 2 Pc-egg, Php | 2 Pwebmanager, Php | 2024-08-06 | N/A |
| PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | ||||
| CVE-2015-7698 | 1 Owncloud | 2 Owncloud, Smb | 2024-08-06 | N/A |
| icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | ||||
| CVE-2015-7611 | 1 Apache | 1 James Server | 2024-08-06 | N/A |
| Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. | ||||
| CVE-2015-7426 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2024-08-06 | N/A |
| The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-7310 | 1 Mcafee | 3 Enterprise Security Manager, Enterprise Security Manager\/log Manager, Enterprise Security Manager\/receiver | 2024-08-06 | N/A |
| McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file. | ||||
| CVE-2015-7253 | 1 Commvault | 1 Edge Server | 2024-08-06 | N/A |
| The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | ||||
| CVE-2015-6554 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. | ||||