Total
5729 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4257 | 1 Cdatatec | 1 C-data Web Management System | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631. | ||||
| CVE-2022-4515 | 3 Debian, Exuberant Ctags Project, Redhat | 3 Debian Linux, Exuberant Ctags, Enterprise Linux | 2025-04-14 | 7.8 High |
| A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. | ||||
| CVE-2022-40005 | 1 Intelbras | 2 Wifiber 120ac Inmesh, Wifiber 120ac Inmesh Firmware | 2025-04-14 | 8.8 High |
| Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. | ||||
| CVE-2022-4221 | 1 Asus | 2 Nas-m25, Nas-m25 Firmware | 2025-04-14 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | ||||
| CVE-2025-28256 | 1 Totolink | 2 A3100r, A3100r Firmware | 2025-04-14 | 9.8 Critical |
| An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. | ||||
| CVE-2014-3008 | 1 Unitrends | 1 Enterprise Backup | 2025-04-12 | N/A |
| Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php. | ||||
| CVE-2014-3007 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2025-04-12 | N/A |
| Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py. | ||||
| CVE-2015-7253 | 1 Commvault | 1 Edge Server | 2025-04-12 | N/A |
| The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | ||||
| CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-12 | N/A |
| The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | ||||
| CVE-2013-2642 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-12 | N/A |
| Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | ||||
| CVE-2014-6277 | 1 Gnu | 1 Bash | 2025-04-12 | N/A |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. | ||||
| CVE-2014-8651 | 1 Kde | 2 Kde-workspace, Plasma-desktop | 2025-04-12 | N/A |
| The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. | ||||
| CVE-2015-1388 | 1 Arubanetworks | 1 Arubaos | 2025-04-12 | N/A |
| The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2013-5948 | 2 Asus, T-mobile | 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 | 2025-04-12 | N/A |
| The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter). | ||||
| CVE-2013-7259 | 1 Neo4j | 1 Neo4j | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/. | ||||
| CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2025-04-12 | N/A |
| The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
| CVE-2014-4823 | 1 Ibm | 5 Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance, Security Access Manager For Web 7.0 Firmware and 2 more | 2025-04-12 | N/A |
| The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | ||||
| CVE-2015-5672 | 1 Typemoon | 4 Fate\/hollow Ataraxia, Fate\/stay Night, Fate\/stay Night \+ Hollow Ataraxia Set and 1 more | 2025-04-12 | N/A |
| TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data. | ||||
| CVE-2015-5673 | 1 Isucon | 1 Isucon 5 Qualifier Eventapp | 2025-04-12 | N/A |
| eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command. | ||||
| CVE-2013-2090 | 1 Uplawski | 1 Creme Fraiche | 2025-04-12 | N/A |
| The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information. | ||||