CVE-2014-8661

The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors...

CVE-2017-14705

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by...

CVE-2017-8051

Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...

CVE-2013-7392

Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/...

CVE-2013-2512

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...

CVE-2012-5973

CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request...

CVE-2013-4096

ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOSTNAME field...

CVE-2014-10075

The karo gem 2.3.8 for Ruby allows Remote command injection via the host field...

CVE-2014-5092

Status2k allows Remote Command Execution in admin/options/editpl.php...

CVE-2012-4981

Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability...

CVE-2010-2446

Rbot Reaction plugin allows command execution...

CVE-2019-17059

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...

CVE-2013-5697

SQL injection vulnerability in modaccounting.c in the modaccounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header...

CVE-2013-1111

The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038...

CVE-2017-14119

In the EyesOfNetwork web interface aka eonweb 5.1-0, module\toolall\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter...

CVE-2011-4047

The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access...

CVE-2014-2850

The network interface configuration page netinterface in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter...

CVE-2012-4361

lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter...

CVE-2012-6298

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors...

CVE-2013-4095

plain/actionsets.html in the SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a command.value field in conjunction with an arguments.value field...