7631 matches found
CVE-2010-5189
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session...
CVE-2012-4108
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554...
CVE-2025-44880
A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input...
CVE-2006-2217
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-4162
Unspecified vulnerability in the DB Integration wfqbe extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors...
CVE-2009-2776
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter...
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated PostScript (EPS) file...
CVE-2002-2040
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap...
CVE-2009-0622
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.2 and Cisco ACE 4710 Application Control Engine Appliance before A18a allows remote authenticated users to execute arbitrary operating-system commands through a command...
CVE-1999-0255
Buffer overflow in ircd allows arbitrary command execution...
CVE-1999-0146
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file...
CVE-1999-0766
The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment...
CVE-1999-0551
HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests...
CVE-2025-4008
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote...
CVE-2025-27804
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands can be executed with root permissions...
CVE-2025-48415
CVE-2025-48415 affects the eCharge Hardy Barth cPH2 and cPP2 charging stations. A USB backdoor feature can be triggered by attaching a USB drive containing specially crafted salia.ini files. The INI can specify multiple commands that attackers could use to export or modify device configuration, e...
The vulnerability of the software for managing VMware vCenter Server’s virtual infrastructure lies in the lack of measures taken to neutralize special elements used in the operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of the software for managing VMware vCenter Server lies in the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
PT-2025-22344
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A USB backdoor feature can be triggered by attaching a USB drive containing specially crafted salia.ini files. These files can contain commands that an attacker could exploit to export or modi...
TOTOLINK A3002R Command Injection Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R suffers from a command injection vulnerability that stems from the FUN00459fdc function failing to properly filter special characters, commands, and similar elements when constructing commands. The vulnerability can be...
VMware vCenter Server Security Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...