Filtered by CWE-78
Total 6108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-4853 1 Akabei Soft2 1 Happy Wardrobe 2025-04-12 N/A
AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.
CVE-2013-5948 2 Asus, T-mobile 3 Rt-ac68u, Rt-ac68u Firmware, Tm-ac1900 2025-04-12 N/A
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
CVE-2014-3085 1 Ibm 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware 2025-04-12 N/A
systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
CVE-2016-4965 1 Fortinet 1 Fortiwan 2025-04-12 N/A
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
CVE-2015-6008 1 Refbase 1 Refbase 2025-04-12 N/A
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
CVE-2015-4279 1 Cisco 1 Unified Computing System 2025-04-12 N/A
The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.
CVE-2014-9284 1 Buffalotech 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more 2025-04-12 N/A
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2014-2707 1 Linuxfoundation 1 Cups-filters 2025-04-12 N/A
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
CVE-2016-1000216 1 Ruckus 1 Wireless H500 2025-04-12 N/A
Ruckus Wireless H500 web management interface authenticated command injection
CVE-2014-3358 1 Cisco 2 Ios, Ios Xe 2025-04-12 N/A
Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.
CVE-2012-1166 1 Canonical 2 Ltsp Display Manager, Ubuntu Linux 2025-04-12 N/A
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
CVE-2016-1352 1 Cisco 1 Unified Computing System Central Software 2025-04-12 N/A
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
CVE-2015-4956 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.
CVE-2014-4326 1 Elastic 1 Logstash 2025-04-12 N/A
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
CVE-2015-4330 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 N/A
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
CVE-2015-0977 1 Network Vision 1 Intravue 2025-04-12 N/A
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-0691 1 Cisco 1 Secure Desktop 2025-04-12 N/A
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
CVE-2016-1482 1 Cisco 1 Webex Meetings Server 2025-04-12 N/A
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.
CVE-2016-3655 1 Paloaltonetworks 1 Pan-os 2025-04-12 N/A
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
CVE-2016-1320 1 Cisco 1 Prime Collaboration 2025-04-12 N/A
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.