Apache Struts 2 ParametersInterceptor OGNL Command Injection

Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem...

Cisco Prime Infrastructure Health Monitor tar file directory traversal

Added: 11/25/2019 CVE: CVE-2019-1821 BID: 108339 Background Cisco Prime Infrastructure is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure Health Monitor allows a remote attacker to execute arbitrary commands by uploading a specially crafte...

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

Microsoft SQL Server spreplwritetovarbin Buffer Overflow

Added: 04/29/2009 CVE: CVE-2008-5416 BID: 32710 OSVDB: 50917 Background Microsoft SQL Server is a database server package for Windows platforms. Problem A buffer overflow vulnerability in the spreplwritetovarbin stored procedure allows remote, authenticated attackers to execute arbitrary commands...

Zimbra Collaboration Suite mboximport path traversal

Added: 08/30/2022 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem A path traversal vulnerability in the mboximport function could allow a remote attacker to create arbitrary JSP files within the web document root, leading to command...

Zyxel Firewall SetWanPortSt command injection

Added: 05/20/2022 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem Zyxel USG FLEX, ATP series, and VPN series firewalls are affected by a vulnerability in the SetWanPortSt command which could allow an attacker to inject arbitrar...

WingFTP username null byte command execution

Added: 07/02/2025 Background Wing FTP Server is free FTP server software for Windows, Linux, and Mac OS. Problem A command injection vulnerability allows a remote unauthenticated attacker to execute arbitrary commands by sending a username with a null byte in a login request. Resolution Upgrade t...

Red Hat JBoss Enterprise Application Platform Remoting Unified Invoker command execution

Added: 07/18/2022 Background Red Hat JBoss Enterprise Application Platform is an open source platform for highly transactional, web-scale Java applications. Problem A remote, unauthenticated attacker can execute arbitary commands on the server by sending a specially crafted serialized object to t...

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020 Background Atlassian Crowd is a single sign-on solution for Atlassian products. Problem Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

Samsung iPOLiS Device Manager ReadConfigValue vulnerability

Added: 04/27/2015 CVE: CVE-2015-0555 OSVDB: 118668 Background Samsung iPOLiS Device Manager is software for managing network devices. It comes with an ActiveX control called XnsSdkDeviceIpInstaller.ocx. Problem A buffer overflow vulnerability in the ReadConfigValue and WriteConfigValue methods in...

Apple QuickTime TeXML Style Element Buffer Overflow

Added: 12/24/2012 CVE: CVE-2012-3752 BID: 56557 OSVDB: 87087 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.2 and earlier is vulnerable to remote code execution due to a failure to perform appropriate boundary checking. A remote attacker who...

Apache Struts forced OGNL evaluation

Added: 02/03/2021 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

FreeFTPd user name buffer overflow

Added: 12/08/2005 CVE: CVE-2005-3683 BID: 15457 OSVDB: 20909 Background FreeFTPd is a free FTP/FTPS/SFTP server for Windows platforms. Problem An unauthenticated remote attacker could execute arbitrary commands by sending a long, specially crafted argument to the USER command. Resolution Upgrade ...

Ivanti EPMM remote code execution

Added: 02/02/2026 CVE: CVE-2026-1281 Background Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management UEM tool. Problem A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sendi...

Oracle MD2 component SDO_CODE_SIZE buffer overflow

Added: 12/18/2006 CVE: CVE-2004-1774 BID: 10871 OSVDB: 9867 Background Oracle Database is a relational database solution available for multiple platforms. Problem A buffer overflow in the SDOCODESIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary...

Atlassian Confluence Server OGNL injection

Added: 06/06/2022 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that could allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Citrix Session Recording deserialization vulnerability

Added: 08/27/2025 CVE: CVE-2024-8069 Background Citrix Session Recording is software for recording and archiving sessions for retrieval and playback. Problem Unsafe object deserialization in Citrix Session Recording could allow a remote attacker to execute arbitrary commands by sending a speciall...

PAN-OS management interface authentication bypass

Added: 11/20/2024 CVE: CVE-2024-0012 Background Palo Alto Networks firewall provides policy-based visibility and control over applications, users and threats. Problem An authentication bypass vulnerability combined with a command injection vulnerability in the PAN-OS management interface allows...

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

HP Operations Manager hidden Tomcat account

Added: 06/18/2010 CVE: CVE-2009-3843 BID: 37086 OSVDB: 60317 Background HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. Problem A hidden Apache Tomcat account allow...

VLC media player TY file parse_master buffer overflow

Added: 12/04/2008 CVE: CVE-2008-4654 BID: 31813 OSVDB: 49181 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A buffer overflow vulnerability in the parsemaster function in the Ty demux plugin allows command execution when a...

MySQL yaSSL SSL Hello message buffer overflow

Added: 03/10/2008 CVE: CVE-2008-0226 BID: 27140 OSVDB: 41935 Background MySQL is an open-source database software package available for multiple platforms. yaSSL is an SSL library. MySQL, if SSL support is enabled, uses yaSSL by default. Problem A buffer overflow vulnerability in the...

Langflow /api/v1/validate/code command injection

Added: 04/11/2025 CVE: CVE-2025-3248 Background Langflow is a low-code tool for building AI agents and workflows. Problem A command injection vulnerability in the /api/v1/validate/code API endpoint could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially...

Google Chrome SimplifiedLowering bug

Added: 04/09/2021 Background Google Chrome is a web browser application available for multiple platforms. Problem A bug in the SimplifiedLowering function can potentially lead to a heap overflow which can be exploited to execute arbitrary commands when a user opens a malicious web page. Resolutio...

Linux kernel futex_requeue privilege elevation

Added: 12/03/2014 CVE: CVE-2014-3153 BID: 67906 OSVDB: 107752 Background The futex system call in Linux provides a mechanism for user-space locking. Problem A vulnerability in the Linux kernel allows an unprivileged user to gain root access using a specially crafted futexrequeue call. Resolution...

CoolPlayer m3u playlist processing filename buffer overflow

Added: 08/13/2008 CVE: CVE-2008-3408 BID: 30418 OSVDB: 47194 Background CoolPlayer is a free audio player for Windows platforms. Problem A buffer overflow vulnerability in CoolPlayer allows command execution when a user opens an m3u playlist file containing a specially crafted filename. Resolutio...

Four-Faith Router adjust_sys_time command injection

Added: 01/03/2025 Background Four Faith F3x24 is a wifi industrial router. F3x36 is an LTE wireless router. Problem A default password and command injection vulnerability in the adjustsystime function in the F3x24 and F3x36 routers could allow an attacker to execute arbitrary commands. Resolution...

VMware Cloud Foundation XStream Deserialization

Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...

ShellShock DHCP Server

Added: 11/20/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background Bash is vulnerable to command injection using environment variables. When an application takes user input and uses setenv a malicious actor is able to execute commands on the target in the security context of the running...

HP Power Manager Remote Code Execution

Added: 11/06/2009 CVE: CVE-2009-2685 BID: 36933 OSVDB: 59684 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A stack-based buffer overflow in the HP Power Manager management web server allows...

IMail IMAP LOGIN special character vulnerability

Added: 01/04/2006 CVE: CVE-2005-1255 BID: 13727 OSVDB: 16804 Background IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, a web interface, and web calendaring. Problem A remote attacker could execute arbitrary commands by sending a long specially crafte...

Schneider Electric StruxureWare Building Operation Automation Server msh bypass

Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...

MITRE Caldera dynamic compilation command injection

Added: 02/28/2025 Background MITRE Caldera is a security platform for emulating adversaries. Problem The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution Upgrade to Caldera 5.1.0 or...

VMware VCenter Server file upload

Added: 02/25/2021 Background VMware VCenter Server is server management software for controlling VMware VSphere environments. Problem A vulnerability in VMware VCenter Server allows remote, unauthenticated attackers to upload files to arbitrary locations on the server, leading to command executio...

Webmin password_change.cgi backdoor

Added: 08/26/2019 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem A backdoor in Webmin allows a remote attacker to execute arbitrary commands by sending a POST request for passwordchange.cgi...

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

netkit telnetd nextitem vulnerability

Added: 03/24/2020 Background netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems. Problem An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server...

Sun Java Web Start JNLP file j2se element heap-size buffer overflow

Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...

Microsoft Office PNG File Handling Buffer Overflow

Added: 06/18/2013 CVE: CVE-2013-1331 BID: 60408 OSVDB: 94127 Background Microsoft Office is a package which provides word processing, spreadsheet, presentation, e-mail, and calendaring capabilities for Microsoft Windows workstations. Problem An error in Microsoft Office 2003 SP3 for Windows when...

React Server Components deserialization vulnerability

Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

IBM Rational ClearQuest CQOle ActiveX

Added: 05/30/2012 CVE: CVE-2012-0708 BID: 53170 OSVDB: 81443 Background Rational ClearQuest is an enterprise workflow automation tool. It functions as a bug tracking tool and can act as a CRM or process tracker. Problem The ClearQuest web client installs ActiveX modules on the client system. Thes...

Windows SMB2 buffer overflow

Added: 09/20/2010 CVE: CVE-2009-3103 BID: 36299 OSVDB: 57799 Background SMB2 is the replacement protocol for the SMB Windows filesharing protocol. Problem A buffer overflow vulnerability in the SMB2 Service allows remote attackers to execute arbitrary commands. Resolution Apply the patch referenc...

Windows Help and Support Center -FromHCP URL whitelist bypass

Added: 06/15/2010 CVE: CVE-2010-1885 BID: 40725 OSVDB: 65264 Background The Microsoft Windows Help and Support Center is a resource in Microsoft Windows operating systems for online help, support, tools, how-to articles, and other resources. Problem A vulnerability in Windows Help and Support...

Cisco Unified Communications Manager command injection

Added: 01/26/2026 Background Cisco Unified Communications Manager is a product suite for managing voice and video communication and messaging. Problem A command injection vulnerability in multiple Cisco communications products could allow a remote attacker to execute arbitrary commands. Resolutio...