Total
3396 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9277 | 1 Mediawiki | 1 Mediawiki | 2025-04-12 | N/A |
| The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. | ||||
| CVE-2016-10107 | 1 Western Digital | 1 Mycloud Nas | 2025-04-12 | N/A |
| Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | ||||
| CVE-2015-3408 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2025-04-12 | N/A |
| Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | ||||
| CVE-2016-0861 | 1 Ge | 1 Ups Snmp Web Adapter Firmware | 2025-04-12 | N/A |
| General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2016-9835 | 1 Zikula | 1 Zikula Application Framework | 2025-04-12 | N/A |
| Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | ||||
| CVE-2016-5640 | 1 Crestron | 2 Airmedia Am-100, Airmedia Am-100 Firmware | 2025-04-12 | N/A |
| Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. | ||||
| CVE-2015-6613 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | ||||
| CVE-2016-7399 | 1 Veritas | 2 Netbackup Appliance, Netbackup Appliance Firmware | 2025-04-12 | N/A |
| scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | ||||
| CVE-2015-8560 | 4 Canonical, Debian, Linuxfoundation and 1 more | 5 Ubuntu Linux, Debian Linux, Cups-filters and 2 more | 2025-04-12 | N/A |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | ||||
| CVE-2015-8327 | 4 Canonical, Debian, Linuxfoundation and 1 more | 10 Ubuntu Linux, Debian Linux, Cups-filters and 7 more | 2025-04-12 | N/A |
| Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. | ||||
| CVE-2016-10108 | 1 Western Digital | 1 Mycloud Nas | 2025-04-12 | N/A |
| Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | ||||
| CVE-2016-6656 | 1 Pivotal Software | 1 Greenplum | 2025-04-12 | N/A |
| An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table. | ||||
| CVE-2016-4822 | 1 Corega | 2 Cg-wlbargl, Cg-wlbargl Firmware | 2025-04-12 | 8.0 High |
| Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2016-2875 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. | ||||
| CVE-2016-2396 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | N/A |
| The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | ||||
| CVE-2016-2332 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2025-04-12 | N/A |
| flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. | ||||
| CVE-2016-2397 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | N/A |
| The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | ||||
| CVE-2016-2056 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2025-04-12 | N/A |
| xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | ||||
| CVE-2015-2746 | 1 Websense | 2 Triton, V-series Appliances | 2025-04-12 | N/A |
| The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | ||||
| CVE-2016-1388 | 1 Cisco | 3 Network Analysis Module, Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2025-04-12 | N/A |
| Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. | ||||