Total
5430 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7698 | 1 Owncloud | 2 Owncloud, Smb | 2025-04-12 | N/A |
| icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | ||||
| CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | N/A |
| The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | ||||
| CVE-2015-6435 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2025-04-12 | N/A |
| An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | ||||
| CVE-2015-6380 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | N/A |
| An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | ||||
| CVE-2015-2980 | 1 Yodobashi | 1 Yodobashi | 2025-04-12 | N/A |
| The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document. | ||||
| CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2025-04-12 | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-5690 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect." | ||||
| CVE-2014-9284 | 1 Buffalotech | 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more | 2025-04-12 | N/A |
| The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-4956 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. | ||||
| CVE-2015-4718 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | ||||
| CVE-2015-4279 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | N/A |
| The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778. | ||||
| CVE-2014-2707 | 1 Linuxfoundation | 1 Cups-filters | 2025-04-12 | N/A |
| cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." | ||||
| CVE-2015-4244 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-12 | N/A |
| The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278. | ||||
| CVE-2015-4183 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | N/A |
| Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | ||||
| CVE-2015-2955 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2025-04-12 | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-2844 | 1 Goautodial | 1 Goadmin Ce | 2025-04-12 | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | ||||
| CVE-2014-3121 | 1 Marc Lehmann | 1 Rxvt-unicode | 2025-04-12 | N/A |
| rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | ||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2025-04-12 | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | ||||
| CVE-2015-4186 | 1 Cisco | 1 Virtualization Experience Client 6000 Series Firmware | 2025-04-12 | N/A |
| The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412. | ||||
| CVE-2014-0007 | 2 Redhat, Theforeman | 4 Openstack, Satellite, Satellite Capsule and 1 more | 2025-04-12 | N/A |
| The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | ||||