ReportizFlow
Filtered by vendor
Subscriptions
Total
5750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5322 | 1 Microsoft | 1 Visual Foxpro | 2026-04-23 | N/A |
| Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function. | ||||
| CVE-2008-2475 | 1 Ebay | 1 Enhanced Picture Uploader Activex Control | 2026-04-23 | N/A |
| eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property. | ||||
| CVE-2008-7158 | 1 Numarasoftware | 1 Footprints | 2026-04-23 | N/A |
| Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6669 | 1 Dirk Bartley | 1 Nweb2fax | 2026-04-23 | N/A |
| viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action. | ||||
| CVE-2009-3233 | 1 Cameron Morland | 1 Changetrack | 2026-04-23 | N/A |
| changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack. | ||||
| CVE-2008-4690 | 2 Lynx, Redhat | 2 Lynx, Enterprise Linux | 2026-04-23 | N/A |
| lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. | ||||
| CVE-2008-5718 | 1 Netatalk | 1 Netatalk | 2026-04-23 | N/A |
| The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title. | ||||
| CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2026-04-23 | N/A |
| Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | ||||
| CVE-2007-4673 | 1 Apple | 1 Quicktime | 2026-04-23 | N/A |
| Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. | ||||
| CVE-2009-2288 | 1 Nagios | 1 Nagios | 2026-04-23 | N/A |
| statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | ||||
| CVE-2008-6554 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2026-04-23 | N/A |
| cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | ||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2026-04-23 | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2026-04-23 | N/A |
| yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | ||||
| CVE-2009-2011 | 2 Dxstudio, Mozilla | 2 Dx Studio Player, Firefox | 2026-04-23 | N/A |
| Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method. | ||||
| CVE-2008-5516 | 3 Git, Git-scm, Rpath | 3 Git, Git, Linux | 2026-04-23 | N/A |
| The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search. | ||||
| CVE-2009-1916 | 1 Gscripts | 1 Dns Tools | 2026-04-23 | N/A |
| dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter. | ||||
| CVE-2009-0848 | 1 Opensuse | 1 Opensuse | 2026-04-23 | N/A |
| Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." | ||||
| CVE-2009-0854 | 1 Dash | 1 Dash | 2026-04-23 | N/A |
| Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | ||||
| CVE-2008-6235 | 2 Redhat, Vim | 2 Enterprise Linux, Vim | 2026-04-23 | N/A |
| The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. | ||||
| CVE-2008-4796 | 4 Debian, Nagios, Snoopy Project and 1 more | 4 Debian Linux, Nagios, Snoopy and 1 more | 2026-04-23 | N/A |
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | ||||