Total
2590 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-4930 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | ||||
CVE-2015-3678 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. | ||||
CVE-2015-7545 | 4 Canonical, Git Project, Opensuse and 1 more | 6 Ubuntu Linux, Git, Opensuse and 3 more | 2025-04-12 | N/A |
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. | ||||
CVE-2015-7541 | 1 Colorscore Project | 1 Colorscore | 2025-04-12 | N/A |
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable. | ||||
CVE-2015-8560 | 4 Canonical, Debian, Linuxfoundation and 1 more | 5 Ubuntu Linux, Debian Linux, Cups-filters and 2 more | 2025-04-12 | N/A |
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. | ||||
CVE-2015-2746 | 1 Websense | 2 Triton, V-series Appliances | 2025-04-12 | N/A |
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | ||||
CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2025-04-12 | N/A |
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | ||||
CVE-2015-1986 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | ||||
CVE-2016-10045 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2025-04-12 | 9.8 Critical |
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. | ||||
CVE-2015-1938 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. | ||||
CVE-2016-2397 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | N/A |
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | ||||
CVE-2015-1949 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-12 | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | ||||
CVE-2015-1815 | 3 Fedoraproject, Redhat, Selinux | 3 Fedora, Enterprise Linux, Setroubleshoot | 2025-04-12 | N/A |
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | ||||
CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2025-04-12 | N/A |
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | ||||
CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2025-04-12 | N/A |
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | ||||
CVE-2015-0857 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2025-04-12 | N/A |
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | ||||
CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2025-04-12 | N/A |
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | ||||
CVE-2016-3081 | 2 Apache, Oracle | 2 Struts, Siebel E-billing | 2025-04-12 | N/A |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. | ||||
CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2025-04-12 | N/A |
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
CVE-2014-1905 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-04-12 | N/A |
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. |