Total
4291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3431 | 1 Pydio | 1 Pydio | 2024-11-21 | N/A |
| Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | ||||
| CVE-2015-2980 | 1 Yodobashi | 1 Yodobashi | 2024-11-21 | N/A |
| The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document. | ||||
| CVE-2015-2979 | 1 Webservice-dic | 1 Yoyaku | 2024-11-21 | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-2955 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2024-11-21 | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-2845 | 1 Goautodial | 1 Goadmin Ce | 2024-11-21 | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO. | ||||
| CVE-2015-2844 | 1 Goautodial | 1 Goadmin Ce | 2024-11-21 | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | ||||
| CVE-2015-2280 | 1 Airlink101 | 2 Skyipcam1620w Wireless N Mpeg4 3gpp, Skyipcam1620w Wireless N Mpeg4 3gpp Firmware | 2024-11-21 | N/A |
| snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter. | ||||
| CVE-2015-2279 | 1 Airlive | 6 Bu-2015, Bu-2015 Firmware, Bu-3026 and 3 more | 2024-11-21 | N/A |
| cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter. | ||||
| CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2024-11-21 | N/A |
| The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
| CVE-2015-2201 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | 7.2 High |
| Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | ||||
| CVE-2015-1388 | 1 Arubanetworks | 1 Arubaos | 2024-11-21 | N/A |
| The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2015-0977 | 1 Network Vision | 1 Intravue | 2024-11-21 | N/A |
| Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2024-11-21 | N/A |
| A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | ||||
| CVE-2015-0525 | 1 Emc | 1 Secure Remote Services | 2024-11-21 | N/A |
| The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2014-9938 | 2 Git-scm, Redhat | 2 Git, Enterprise Linux | 2024-11-21 | 8.8 High |
| contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | ||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2024-11-21 | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | ||||
| CVE-2014-9284 | 1 Buffalotech | 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more | 2024-11-21 | N/A |
| The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2014-8945 | 1 Piwigo | 1 Lexiglot | 2024-11-21 | 9.8 Critical |
| admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | ||||
| CVE-2014-8651 | 1 Kde | 2 Kde-workspace, Plasma-desktop | 2024-11-21 | N/A |
| The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. | ||||
| CVE-2014-8563 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 9.8 Critical |
| Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | ||||