Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17888 | 1 Hoytech | 1 Antiweb | 2018-01-17 | 9.0 HIGH | 8.8 HIGH |
| cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | |||||
| CVE-2012-1795 | 1 Webglimpse | 1 Webglimpse | 2018-01-12 | 7.5 HIGH | N/A |
| webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. | |||||
| CVE-2016-0634 | 1 Gnu | 1 Bash | 2018-01-05 | 6.0 MEDIUM | 7.5 HIGH |
| The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | |||||
| CVE-2014-3121 | 1 Marc Lehmann | 1 Rxvt-unicode | 2017-12-29 | 7.6 HIGH | N/A |
| rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | |||||
| CVE-2017-10904 | 1 Qt | 1 Qt | 2017-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2012-2953 | 1 Symantec | 1 Web Gateway | 2017-12-22 | 10.0 HIGH | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. | |||||
| CVE-2012-2976 | 1 Symantec | 1 Web Gateway | 2017-12-22 | 10.0 HIGH | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. | |||||
| CVE-2017-17055 | 1 Articatech | 1 Artica Proxy | 2017-12-21 | 8.5 HIGH | 9.0 CRITICAL |
| Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | |||||
| CVE-2016-1253 | 1 Debian | 2 Debian Linux, Most | 2017-12-20 | 10.0 HIGH | 9.8 CRITICAL |
| The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file. | |||||
| CVE-2017-1000214 | 1 Gitphp Project | 1 Gitphp | 2017-12-19 | 10.0 HIGH | 9.8 CRITICAL |
| GitPHP by xiphux is vulnerable to OS Command Injections | |||||
| CVE-2017-10902 | 1 Princeton | 2 Ptw-wms1, Ptw-wms1 Firmware | 2017-12-12 | 10.0 HIGH | 9.8 CRITICAL |
| PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-16934 | 1 Dbltek | 1 Web Server | 2017-12-11 | 10.0 HIGH | 9.8 CRITICAL |
| The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter. | |||||
| CVE-2017-1000235 | 1 I-librarian | 1 I Librarian | 2017-11-29 | 10.0 HIGH | 9.8 CRITICAL |
| I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | |||||
| CVE-2017-16641 | 1 Cacti | 1 Cacti | 2017-11-28 | 9.0 HIGH | 7.2 HIGH |
| lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | |||||
| CVE-2017-9736 | 1 Spip | 1 Spip | 2017-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. | |||||
| CVE-2017-6223 | 1 Ruckus | 2 Zonedirector, Zonedirector Firmware | 2017-10-27 | 9.3 HIGH | 8.8 HIGH |
| Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. | |||||
| CVE-2005-2368 | 1 Vim Development Group | 1 Vim | 2017-10-11 | 9.3 HIGH | N/A |
| vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. | |||||
| CVE-2009-1916 | 1 Gscripts | 1 Dns Tools | 2017-09-29 | 10.0 HIGH | N/A |
| dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter. | |||||
| CVE-2008-6235 | 1 Vim | 1 Vim | 2017-09-29 | 9.3 HIGH | N/A |
| The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. | |||||
| CVE-2008-6669 | 1 Dirk Bartley | 1 Nweb2fax | 2017-09-29 | 7.5 HIGH | N/A |
| viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action. | |||||