1034 matches found
CVE-2016-3654
The CVE concerns PAN-OS device management CLI parsing of an SSH command parameter, allowing authenticated administrators to run arbitrary OS commands with root privileges. Affected PAN-OS versions: 5.0.x before 5.0.18; 5.1.x before 5.1.11; 6.0.x before 6.0.13; 6.1.x before 6.1.10; 7.0.x before 7....
CVE-2016-2278
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...
CVE-2016-2278
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...
phpMyBackupPro 2.5 Shell Upload
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-FILEUPLOADVULN.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...
CVE-2016-1141
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors...
CVE-2016-1142
CVE-2016-1142 affects Seeds acmailer. Connected documents confirm an OS command injection (CWE-78) vulnerability in Seeds acmailer prior to 3.8.21 and 3.9.x prior to 3.9.15 Beta, exploitable by an authenticated remote attacker to execute arbitrary commands on the server via unspecified vectors. A...
CVE-2015-5018
CVE-2015-5018 affects IBM Security Access Manager for Web (ISAM) on Web-based appliances: versions 7.0 before FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 are vulnerable to a command-injection via Local Management Interface (LMI) that enables remote authenticated users to execute arbi...
Symantec Endpoint Protection Multiple Vulnerabilities (Nov 2015)
Symantec Endpoint Protection is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2015-7774
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role...
CVE-2015-7774
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role...
CVE-2015-5672
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data...
Design/Logic Flaw
The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie...
Commvault Edge Server deserializes cookie data insecurely
Overview Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description CWE-502: Deserialization of Untrusted Data - CVE-2015-7253Commvault Edge Server, version 10 R2, deserializes...
CVE-2015-7901
Infinite Automation Mango Automation versions 2.5.x–2.6.0 beta (builds prior to 430) contain an OS command injection vulnerability that can be exploited by an authenticated remote user to execute arbitrary commands. Affected component/issue is demonstrated by public exploit references (e.g., Expl...
CVE-2015-7901
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors...
CVE-2015-7310
McAfee Enterprise Security Manager ESM, Enterprise Security Manager/Log Manager ESMLM, and Enterprise Security Manager/Receiver ESMREC before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which...
CVE-2015-7310
McAfee Enterprise Security Manager ESM, Enterprise Security Manager/Log Manager ESMLM, and Enterprise Security Manager/Receiver ESMREC before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which...
CVE-2015-4330
A local file script in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556...
CVE-2015-4330
Cisco TelePresence Video Communication Server Expressway X8.5.2 contains a local file script vulnerability that lets an authenticated, local attacker gain elevated OS-command execution by supplying invalid parameters to a local script. Root cause is insufficient protection of the local script, en...
CVE-2015-4237
The CLI parser in Cisco NX-OS 4.12E11, 6.211b, 6.212, 7.20ZZ99.1, 7.20ZZ99.3, and 9.11SV13.1.8 on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and...