Filtered by CWE-78
Total 6109 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-1362 2 Nagios, Opensuse 2 Remote Plug In Executor, Opensuse 2025-04-11 N/A
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
CVE-2013-5530 1 Cisco 1 Identity Services Engine Software 2025-04-11 N/A
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
CVE-2011-0372 1 Cisco 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more 2025-04-11 N/A
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
CVE-2011-0378 1 Cisco 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more 2025-04-11 N/A
The XML-RPC implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a TCP request, related to a "command injection vulnerability," aka Bug ID CSCtb52587.
CVE-2011-0381 1 Cisco 1 Telepresence Manager 2025-04-11 N/A
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.
CVE-2011-0373 1 Cisco 7 Telepresence System 1000, Telepresence System 1100, Telepresence System 1300 Series and 4 more 2025-04-11 N/A
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
CVE-2011-0456 1 Otrs 1 Otrs 2025-04-11 N/A
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
CVE-2011-1904 1 Proofpoint 2 Messaging Security Gateway, Protection Server 2025-04-11 N/A
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue.
CVE-2012-6593 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.
CVE-2011-4002 1 Mawashimono 1 Nikki 2025-04-11 N/A
HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
CVE-2013-4983 1 Sophos 2 Web Appliance, Web Appliance Firmware 2025-04-11 N/A
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
CVE-2012-6591 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 31116.
CVE-2012-6602 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 30122.
CVE-2013-4984 1 Sophos 1 Web Appliance 2025-04-11 N/A
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
CVE-2013-6881 1 Cru-inc 2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware 2025-04-11 N/A
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
CVE-2009-4644 1 Accellion 1 Secure File Transfer Appliance 2025-04-11 N/A
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
CVE-2012-6601 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to execute arbitrary code via unspecified vectors, aka Ref ID 36983.
CVE-2012-6592 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 31091.
CVE-2012-1795 1 Webglimpse 1 Webglimpse 2025-04-11 N/A
webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012.
CVE-2010-0418 1 Chumby 2 Chumby Classic, Chumby One 2025-04-11 N/A
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.