Lucene search
+L

1885 matches found

vulnrichment
vulnrichment
added 2012/07/10 9:0 p.m.8 views

CVE-2012-0175

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a 1 file or 2 directory, aka "Command Injection Vulnerability."...

8.9AI score0.2621EPSS
Exploits0References3
nvd
nvd
added 2012/07/05 3:23 a.m.24 views

CVE-2012-2516

An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module aka the HTML Help component, as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other...

9.3CVSS7.6AI score0.39711EPSS
Exploits9References2
cve
cve
added 2012/07/05 1:0 a.m.203 views

CVE-2012-2516

The CVE-2012-2516 issue is an ActiveX-based command-injection vulnerability in KeyHelp.ocx of GE Intelligent Platforms’ KeyWorks KeyHelp module, affecting Proficy Historian (3.1, 3.5, 4.0, 4.5), Proficy HMI/SCADA – iFIX (5.0, 5.1), Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Drive...

9.3CVSS7.7AI score0.39711EPSS
Exploits9References2Affected Software5
nessus
nessus
added 2012/07/05 12:0 a.m.47 views

Basilic diff.php Command Injection

Basilic, a bibliography server for research laboratories, has a command injection vulnerability. Input to the file parameter of diff.php is not properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network...

7.5CVSS5.9AI score0.65321EPSS
Exploits3References2
paloalto
paloalto
added 2012/04/27 11:30 p.m.11 views

Command Injection Vulnerability

A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 31091 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier. Work...

10CVSS7.8AI score0.04074EPSS
Exploits0References1
prion
prion
added 2012/03/22 10:17 a.m.16 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 604G.GS00100, also distributed as the Dell ML6000 tape library with firmware before A20-00 590G.GS00100, allows remote attackers to hijack the authentication of use...

6CVSS8.1AI score0.01062EPSS
Exploits0References7Affected Software7
cvelist
cvelist
added 2012/03/22 10:0 a.m.27 views

CVE-2012-1843

Cross-site request forgery CSRF vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 604G.GS00100, also distributed as the Dell ML6000 tape library with firmware before A20-00 590G.GS00100, allows remote attackers to hijack the authentication of use...

7.6AI score0.01062EPSS
Exploits0References7
exploitdb
exploitdb
added 2011/08/19 12:0 a.m.33 views

Symantec System Center Alert Management System - 'hndlrsvc.exe' Arbitrary Command Execution (Metasploit)

$Id: amshndlrsvc.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

7.4AI score
Exploits0
openvas
openvas
added 2011/03/25 12:0 a.m.26 views

Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability

The host is running Kerio Mail Server/Connect and is prone to plaintext command injection vulnerability. OpenVAS Vulnerability Test $Id: secpodkerioproductsstarttlscmdinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability Authors: Soora...

6.8CVSS0.4AI score0.02471EPSS
Exploits0References2
osv
osv
added 2011/03/11 5:55 p.m.8 views

CVE-2011-0456

webscript.pl in Open Ticket Request System OTRS 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."...

8.1AI score
Exploits0References4
cve
cve
added 2010/11/22 7:0 p.m.61 views

CVE-2010-3037

CVE-2010-3037 affects Cisco Unified Videoconferencing (UVC) products (5110/5115 Linux; 3545, 5230 VxWorks; 3527 PRI Gateway; 3522 BRI Gateway; 3515 MCU). The flaw is a remote command-injection in the web interface via the /goform/websXMLAdminRequestCgi.cgi, allowing an authenticated administrator...

8.5CVSS7.9AI score0.02934EPSS
Exploits0References5Affected Software4
openvas
openvas
added 2010/11/11 12:0 a.m.94 views

phpThumb < 1.7.9 Command Injection Vulnerability

phpThumb is prone to a command injection vulnerability. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

6.8CVSS7.1AI score0.01746EPSS
Exploits3References2
prion
prion
added 2010/10/19 8:0 p.m.23 views

Command injection

FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command...

5CVSS6.9AI score0.01447EPSS
Exploits0References4Affected Software1
openvas
openvas
added 2010/01/13 12:0 a.m.34 views

Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability

Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and prior are vulnerable. OpenVAS Vulnerability Test $Id: cherokee37715.na...

5CVSS0.3AI score0.0962EPSS
Exploits2References3
jvn
jvn
added 2009/07/31 12:0 a.m.19 views

JVN#80436657 Webservice-DIC yoyaku_v41 vulnerable to command injection

yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Impact An arbitrary command could be executed with the privilege of the server where yoyakuv41 runs. Solution Update the Software Update to the latest version...

7.6AI score
Exploits0
cve
cve
added 2009/05/16 6:0 p.m.59 views

CVE-2009-1656

The CVE-2009-1656 entry pertains to Xerox WorkCentre/WorkCentre Pro devices: models 232, 238, 245, 255, 265, 275 and 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, 7675. Documented issue: a remote command-injection vulnerability in the device web server that allows arbitrary commands to be...

10CVSS8.2AI score0.03589EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2009/05/16 6:0 p.m.19 views

CVE-2009-1656

Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability."...

7.9AI score0.03589EPSS
Exploits0References7
osv
osv
added 2008/09/02 3:41 p.m.8 views

CVE-2008-3882

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via 1 the executeFilter function in zmhtmlviewevents.php and 2 the runstate parameter to zmhtmlviewstate.php...

7.5AI score
Exploits0References4
osv
osv
added 2008/09/02 12:0 a.m.11 views

DTSA-164-1 newsbeuter - command injection

Bulletin has no description...

6.8CVSS6.3AI score0.01823EPSS
Exploits0
seebug
seebug
added 2008/07/17 12:0 a.m.29 views

Afuse 'afuse.c' SHELL命令注入漏洞

BUGTRAQ ID: 30245 CVE ID:CVE-2008-2232 CNCVE ID:CNCVE-20082232 Afuse是一款类似autofs工具的文件系统自动挂接程序。 Afuse不正确处理命令行参数,本地攻击者可以利用漏洞以高特权执行任意命令。 afuse接收如下形式的命令行: afuse /path -o mounttemplate="mount-script %m %r" \ unmounttemplate="unmount-script %m %r"...

4.6CVSS6.3AI score0.00357EPSS
Exploits2
Rows per page
Query Builder