ReportizFlow
Filtered by vendor
Subscriptions
Total
5432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1297 | 1 Cisco | 1 Application Control Engine Software | 2025-04-12 | N/A |
| The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | ||||
| CVE-2014-0233 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
| Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | ||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2025-04-12 | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | ||||
| CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-12 | N/A |
| The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | ||||
| CVE-2014-8387 | 1 Advantech | 2 Eki-6340, Eki-6340 Firmware | 2025-04-12 | N/A |
| cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | ||||
| CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-12 | N/A |
| The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | ||||
| CVE-2014-5502 | 1 Cyberoam | 1 Cyberoam Os | 2025-04-12 | N/A |
| The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. | ||||
| CVE-2014-0886 | 1 Ibm | 1 Lotus Protector For Mail Security | 2025-04-12 | N/A |
| The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors. | ||||
| CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | N/A |
| The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | ||||
| CVE-2013-7259 | 1 Neo4j | 1 Neo4j | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/. | ||||
| CVE-2015-4237 | 1 Cisco | 38 Mds 9100, Mds 9140, Mds 9500 and 35 more | 2025-04-12 | N/A |
| The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. | ||||
| CVE-2015-8151 | 1 Symantec | 1 Encryption Management Server | 2025-04-12 | N/A |
| Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. | ||||
| CVE-2014-6434 | 1 Gopro | 2 Gopro Hero, Gopro Hero Firmware | 2025-04-12 | N/A |
| gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action. | ||||
| CVE-2015-0977 | 1 Network Vision | 1 Intravue | 2025-04-12 | N/A |
| Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2016-6414 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | ||||
| CVE-2015-2844 | 1 Goautodial | 1 Goadmin Ce | 2025-04-12 | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | ||||
| CVE-2016-1352 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-12 | N/A |
| Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856. | ||||
| CVE-2016-6147 | 1 Sap | 1 Trex | 2025-04-12 | N/A |
| An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | ||||
| CVE-2014-2565 | 1 Bluecoat | 2 Content Analysis System, Content Analysis System Software | 2025-04-12 | N/A |
| The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." | ||||
| CVE-2016-1468 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-04-12 | N/A |
| The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | ||||