Total
5172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6554 | 1 Aztech | 1 Adsl2\/2\+4-port Router | 2025-04-09 | 10.0 HIGH | N/A |
| cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | |||||
| CVE-2008-7125 | 1 Ariadne-cms | 1 Ariadne Cms | 2025-04-09 | 9.0 HIGH | N/A |
| pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3233 | 1 Cameron Morland | 1 Changetrack | 2025-04-09 | 7.2 HIGH | N/A |
| changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack. | |||||
| CVE-2008-4304 | 1 Phpcollab | 1 Phpcollab | 2025-04-09 | 10.0 HIGH | N/A |
| general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells. | |||||
| CVE-2007-4041 | 2 Microsoft, Mozilla | 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | |||||
| CVE-2008-2575 | 2 Fedoraproject, Jcoppens | 2 Fedora, Cbrpager | 2025-04-09 | 6.8 MEDIUM | N/A |
| cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. | |||||
| CVE-2009-0848 | 1 Opensuse | 1 Opensuse | 2025-04-09 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 allows local users to execute arbitrary code via a Trojan horse GTK module in an unspecified "relative search path." | |||||
| CVE-2008-6235 | 1 Vim | 1 Vim | 2025-04-09 | 9.3 HIGH | N/A |
| The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. | |||||
| CVE-2008-4796 | 4 Debian, Nagios, Snoopy Project and 1 more | 4 Debian Linux, Nagios, Snoopy and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | |||||
| CVE-2006-6427 | 1 Xerox | 1 Workcentre | 2025-04-09 | 7.5 HIGH | N/A |
| The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290. | |||||
| CVE-2008-6669 | 1 Dirk Bartley | 1 Nweb2fax | 2025-04-09 | 7.5 HIGH | N/A |
| viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action. | |||||
| CVE-2007-4673 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. | |||||
| CVE-2007-4560 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.6 HIGH | N/A |
| clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." | |||||
| CVE-2008-1115 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands. | |||||
| CVE-2009-0854 | 1 Dash | 1 Dash | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in dash 0.5.4, when used as a login shell, allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory. | |||||
| CVE-2008-2475 | 1 Ebay | 1 Enhanced Picture Uploader Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
| eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property. | |||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 6.8 MEDIUM | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2008-4636 | 3 Novell, Opensuse, Suse | 7 Linux Desktop, Open Enterprise Server, Opensuse and 4 more | 2025-04-09 | 7.2 HIGH | N/A |
| yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. | |||||
| CVE-2009-2288 | 1 Nagios | 1 Nagios | 2025-04-09 | 7.5 HIGH | N/A |
| statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | |||||
| CVE-2007-4891 | 1 Microsoft | 1 Visual Studio | 2025-04-09 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell. | |||||