Total: 2410 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10762 | 1 Automattic | 1 Camptix Event Ticketing | 2024-11-21 | N/A |
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | ||||
CVE-2016-10760 | 1 Seowonintech | 8 Swr-300a, Swr-300a Firmware, Swr-300b and 5 more | 2024-11-21 | N/A |
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. | ||||
CVE-2016-10729 | 3 Debian, Redhat, Zmanda | 3 Debian Linux, Enterprise Linux, Amanda | 2024-11-21 | N/A |
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | ||||
CVE-2016-10541 | 1 Shell-quote Project | 1 Shell-quote | 2024-11-21 | 9.8 Critical |
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | ||||
CVE-2016-1000282 | 1 Haraka Project | 1 Haraka | 2024-11-21 | N/A |
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | ||||
CVE-2016-0324 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | N/A |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640. | ||||
CVE-2015-20107 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2024-11-21 | 7.6 High |
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | ||||
CVE-2015-1877 | 2 Debian, Freedesktop | 2 Debian Linux, Xdg-utils | 2024-11-21 | 8.8 High |
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | ||||
CVE-2015-10096 | 1 Irc Twitter Announcer Bot Project | 1 Irc Twitter Announcer Bot | 2024-11-21 | 5 Medium |
A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.1.1 is able to address this issue. The patch is named 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383. | ||||
CVE-2014-8888 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | N/A |
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | ||||
CVE-2014-6633 | 1 Tryton | 1 Tryton | 2024-11-21 | N/A |
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. | ||||
CVE-2014-6120 | 1 Ibm | 2 Rational Appscan Source, Security Appscan Source | 2024-11-21 | N/A |
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. | ||||
CVE-2014-5470 | | | 2024-11-21 | 9.8 Critical |
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. | ||||
CVE-2014-5220 | 2 Mdadm Project, Opensuse | 2 Mdadm, Opensuse | 2024-11-21 | N/A |
The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | ||||
CVE-2014-5014 | 1 Tinywebgallery | 1 Wordpress Flash Uploader | 2024-11-21 | N/A |
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | ||||
CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 9.8 Critical |
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | ||||
CVE-2014-3114 | 1 Ezpz-one-click-backup Project | 1 Ezpz-one-click-backup | 2024-11-21 | N/A |
The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. | ||||
CVE-2014-1834 | 1 Echor Project | 1 Echor | 2024-11-21 | N/A |
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | ||||
CVE-2014-10075 | 1 Karo Project | 1 Karo | 2024-11-21 | N/A |
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. | ||||
CVE-2013-7471 | 1 Dlink | 10 Dir-300, Dir-300 Firmware, Dir-600 and 7 more | 2024-11-21 | 9.8 Critical |
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request. |