Lucene search
K

1034 matches found

cve
cve
added 2016/04/12 5:0 p.m.56 views

CVE-2016-3654

The CVE concerns PAN-OS device management CLI parsing of an SSH command parameter, allowing authenticated administrators to run arbitrary OS commands with root privileges. Affected PAN-OS versions: 5.0.x before 5.0.18; 5.1.x before 5.1.11; 6.0.x before 6.0.13; 6.1.x before 6.1.10; 7.0.x before 7....

9CVSS7.2AI score0.02585EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2016/03/02 11:59 a.m.17 views

CVE-2016-2278

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...

9CVSS7.2AI score0.13426EPSS
Exploits7References3
cvelist
cvelist
added 2016/03/02 11:0 a.m.24 views

CVE-2016-2278

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...

7.2AI score0.13426EPSS
Exploits7References3
packetstorm
packetstorm
added 2016/02/16 12:0 a.m.24 views

phpMyBackupPro 2.5 Shell Upload

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-FILEUPLOADVULN.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...

7.4AI score
Exploits0
cvelist
cvelist
added 2016/01/30 3:0 p.m.18 views

CVE-2016-1141

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors...

5.6AI score0.01039EPSS
Exploits0References3
cve
cve
added 2016/01/16 2:0 a.m.40 views

CVE-2016-1142

CVE-2016-1142 affects Seeds acmailer. Connected documents confirm an OS command injection (CWE-78) vulnerability in Seeds acmailer prior to 3.8.21 and 3.9.x prior to 3.9.15 Beta, exploitable by an authenticated remote attacker to execute arbitrary commands on the server via unspecified vectors. A...

9.1CVSS9.1AI score0.02411EPSS
Exploits0References3Affected Software1
cve
cve
added 2016/01/02 2:0 a.m.52 views

CVE-2015-5018

CVE-2015-5018 affects IBM Security Access Manager for Web (ISAM) on Web-based appliances: versions 7.0 before FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 are vulnerable to a command-injection via Local Management Interface (LMI) that enables remote authenticated users to execute arbi...

8.5CVSS7.8AI score0.02745EPSS
Exploits0References4Affected Software3
openvas
openvas
added 2015/11/16 12:0 a.m.36 views

Symantec Endpoint Protection Multiple Vulnerabilities (Nov 2015)

Symantec Endpoint Protection is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.5CVSS6.5AI score0.02743EPSS
Exploits0References5
nvd
nvd
added 2015/11/14 3:59 a.m.13 views

CVE-2015-7774

PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role...

6.5CVSS7.4AI score0.01302EPSS
Exploits0References3
cvelist
cvelist
added 2015/11/14 2:0 a.m.18 views

CVE-2015-7774

PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role...

7.4AI score0.01302EPSS
Exploits0References3
nvd
nvd
added 2015/11/06 11:59 a.m.17 views

CVE-2015-5672

TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data...

10CVSS7.6AI score0.0372EPSS
Exploits0References3
prion
prion
added 2015/11/04 3:59 a.m.21 views

Design/Logic Flaw

The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie...

10CVSS8.1AI score0.04319EPSS
Exploits0References1Affected Software1
cert
cert
added 2015/11/03 12:0 a.m.64 views

Commvault Edge Server deserializes cookie data insecurely

Overview Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-7253Commvault Edge Server, version 10 R2, deserializes...

10CVSS7.7AI score0.04319EPSS
Exploits0References3
cve
cve
added 2015/10/28 10:0 a.m.50 views

CVE-2015-7901

Infinite Automation Mango Automation versions 2.5.x–2.6.0 beta (builds prior to 430) contain an OS command injection vulnerability that can be exploited by an authenticated remote user to execute arbitrary commands. Affected component/issue is demonstrated by public exploit references (e.g., Expl...

6.5CVSS7.3AI score0.03257EPSS
Exploits4References2Affected Software1
cvelist
cvelist
added 2015/10/28 10:0 a.m.28 views

CVE-2015-7901

Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors...

7.2AI score0.03257EPSS
Exploits4References2
nvd
nvd
added 2015/09/22 3:59 p.m.13 views

CVE-2015-7310

McAfee Enterprise Security Manager ESM, Enterprise Security Manager/Log Manager ESMLM, and Enterprise Security Manager/Receiver ESMREC before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which...

6.5CVSS7.1AI score0.01127EPSS
Exploits0References2
cvelist
cvelist
added 2015/09/22 3:0 p.m.20 views

CVE-2015-7310

McAfee Enterprise Security Manager ESM, Enterprise Security Manager/Log Manager ESMLM, and Enterprise Security Manager/Receiver ESMREC before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which...

7.1AI score0.01127EPSS
Exploits0References2
cvelist
cvelist
added 2015/09/02 4:0 p.m.27 views

CVE-2015-4330

A local file script in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556...

6.8AI score0.0054EPSS
Exploits0References2
cve
cve
added 2015/09/02 4:0 p.m.60 views

CVE-2015-4330

Cisco TelePresence Video Communication Server Expressway X8.5.2 contains a local file script vulnerability that lets an authenticated, local attacker gain elevated OS-command execution by supplying invalid parameters to a local script. Root cause is insufficient protection of the local script, en...

6.9CVSS7AI score0.0054EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2015/07/03 10:59 a.m.17 views

CVE-2015-4237

The CLI parser in Cisco NX-OS 4.12E11, 6.211b, 6.212, 7.20ZZ99.1, 7.20ZZ99.3, and 9.11SV13.1.8 on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and...

4.6CVSS7.2AI score0.00425EPSS
Exploits0References2
Rows per page
Query Builder