CVE-2012-3074

An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382...

CVE-2018-20767

An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution...

CVE-2017-14118

In the EyesOfNetwork web interface aka eonweb 5.1-0, module\toolall\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the hostlist parameter to module/toolall/selecttool.php...

CVE-2011-2657

Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management ZCM 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the firs...

CVE-2012-2516

An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module aka the HTML Help component, as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other...

CVE-2017-17888

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 -- AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary ...

CVE-2010-5317

Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via 1 the filename parameter in an attachment action, 2 the post parameter in a showcomment action, 3 the sys-name parameter in an rssfeed action, or 4 the...

CVE-2013-4983

The getreferers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php...

CVE-2017-16641

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the pathrrdtool parameter in an action=save request to settings.php...

CVE-2011-5308

Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the 1 cdnvotepostid or 2 cdnvotepoint parameter...

CVE-2017-16674

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...

CVE-2010-5059

SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action...

CVE-2013-3508

html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing...

CVE-2010-4997

SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action...

CVE-2010-4986

SQL injection vulnerability in detail.php in Simple Document Management System SDMS allows remote attackers to execute arbitrary SQL commands via the docid parameter...

CVE-2012-5345

Buffer overflow in the Remote command server Rcmd.bat in IpTools aka Tiny TCP/IP server 0.1.4 allows remote attackers to cause a denial of service crash via a long string to TCP port 23...

CVE-2010-4898

SQL injection vulnerability in the Gantry comgantry component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php...

CVE-2013-7380

The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...

CVE-2015-2201

Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users...

CVE-2010-4720

SQL injection vulnerability in the JExtensions JE Auto comjeauto component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page...