telnetd argument injection vulnerability

Added: 01/26/2026 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program included in GNU Inetutils allows authentication to be bypassed with a ...

Oracle HTTP Server and Weblogic Proxy Plug-in vulnerability

Added: 01/23/2026 Background Oracle HTTP Server is the web server component for Oracle Fusion Middleware. Problem A vulnerability in Oracle HTTP Server and Weblogic Proxy Plug-in could allow a remote attacker to execute arbitrary commands by requesting a specially crafted path which allows...

Airspan AirSpot pingDiagnostic command injection

Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

Internet Explorer VML Dashstyle Attributes Integer Overflow

Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...

F5 BIG-IP SSH private key

Added: 07/03/2012 CVE: CVE-2012-1493 BID: 53897 OSVDB: 82780 Background SSH Private keys are used for authentication for many F5 BIG-IP devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker t...

Sun Java Web Start JNLP file j2se element heap-size buffer overflow

Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

SugarCRM EmailTemplates PNG file upload

Added: 03/22/2023 Background SugarCRM is customer relationship management software written in PHP. Problem A vulnerability in the EmailTemplates module allows remote, unauthenticated attackers to execute arbitrary commands on the server by uploading a PNG image file containing embedded PHP code...

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

ABRT/sosreport privilege elevation

Added: 12/14/2015 CVE: CVE-2015-5287 Background The Automatic Bug Reporting Tool ABRT is an application that runs as a daemon on some Linux systems. ABRT collects relevant crash data when another application crashes and can report it to a relevant issue tracker for analysis. After saving some...

Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow

Added: 04/22/2010 CVE: CVE-2010-0839 BID: 39070 OSVDB: 63494 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The JRE Java programming class library contains the Java Sound Application Interface API t...

Novell GroupWise Client IMG SRC buffer overflow

Added: 01/15/2008 CVE: CVE-2007-6435 BID: 26875 OSVDB: 40870 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a...

ntdll.dll buffer overflow via IIS 5.0 WebDAV

Added: 07/18/2006 CVE: CVE-2003-0109 BID: 7116 OSVDB: 4467 Background The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS. Problem A buffer overflow in ntdll.dll allo...

BentoML runner server deserialization vulnerability

Added: 10/24/2025 CVE: CVE-2024-9070 Background BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Problem A deserialization vulnerability in the BentoML runner server allows remote attackers to execute arbitrary commands by sending a...

Windows SMBv1 Remote Command Execution

Added: 04/26/2017 CVE: CVE-2017-0143 BID: 96703 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions. Problem A vulnerability in the...

MagicINFO SWUpdateFileUploader remote command execution

Added: 05/23/2025 CVE: CVE-2025-4632 Background MagicINFO is digital signage software from Samsung. Problem A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using a...

Apache HugeGraph Gremlin command injection

Added: 08/20/2024 Background Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. Problem A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. Resolution Upgrade to...

WebSVN search command execution

Added: 06/23/2021 Background WebSVN is a web interface for Subversion repositories. Problem A command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. Resolution Upgrade to WebSVN 2.6.1 or higher. Referenc...

Solaris SunSSH libpam buffer overflow

Added: 01/08/2021 Background SunSSH is a fork of OpenSSH for Solaris. It provides remote login capability on Solaris platforms. Problem A buffer overflow vulnerability in libpam could allow a remote attacker to execute arbitrary commands by sending a specially crafted authentication request to...

vBulletin remote command execution via the widgetConfig[code] parameter

Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...

FortiOS Fortimanager_Access SSH account backdoor

Added: 01/25/2016 CVE: CVE-2016-1909 Background FortiOS is the operating system used by FortiGate network security appliances. Problem An undocumented account can be used to gain unauthorized access to the appliance. Resolution Upgrade to FortiOS 4.1.11, 4.2.16, 4.3.17, 5.0.8, 5.2.0, 5.4.0, or...

Samba call_trans2open buffer overflow

Added: 06/02/2006 CVE: CVE-2003-0201 BID: 7294 OSVDB: 4469 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A buffer overflow in the calltrans2open function allows anonymous remote attackers t...

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging JAI is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

Cisco Unified Communications Manager command injection

Added: 01/26/2026 Background Cisco Unified Communications Manager is a product suite for managing voice and video communication and messaging. Problem A command injection vulnerability in multiple Cisco communications products could allow a remote attacker to execute arbitrary commands. Resolutio...

Control Web Panel key parameter command injection

Added: 01/21/2026 Background Control Web Panel is a web hosting panel for Linux. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

Atlassian Confluence Server OGNL injection

Added: 06/06/2022 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that could allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

OpenSMTPD MAIL FROM command injection

Added: 02/10/2020 CVE: CVE-2020-7247 Background OpenSMTPD is a free SMTP implementation. It comes with the OpenBSD operating system but is also available for other platforms. Problem The smtpmailaddr function does not properly sanitize user input, allowing remote attackers to inject arbitrary...

Microsoft SharePoint Office Document Load Balancer SOAP Vulnerability

Added: 11/23/2011 CVE: CVE-2010-3964 BID: 45264 OSVDB: 69817 Background Microsoft SharePoint is a web application platform that provides web content management and document management as an aid to collaboration among users. SharePoint's multi-purpose design allows for managing and provisioning of...

Adobe Reader CoolType.dll buffer overflow

Added: 09/17/2010 CVE: CVE-2010-2883 BID: 43057 OSVDB: 67849 Background Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow in the CoolType.dll module allows command execution when a user opens a PDF document containing a long, specially crafted field in a SING tabl...

Sophos UTM Webadmin remote command execution

Added: 08/27/2021 Background Sophos UTM is a network security appliance. Problem A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request. Resolution Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 ...

Oracle Secure Backup Administration preauth variable command injection

Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...

Windows Server Service buffer overflow MS08-067

Added: 10/24/2008 CVE: CVE-2008-4250 BID: 31874 OSVDB: 49243 Background The Windows Server service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC reques...

HPE OneView id-pools command execution

Added: 12/19/2025 Background HPE OneView is integrated IT infrastructure management software. Problem A vulnerability in the id-pools feature allow remote attackers to execute arbitrary commands by sending a PUT request to the executeCommand API endpoint. Resolution Apply the hotfix referenced in...

Oracle Fusion Middleware Identity Manager authentication bypass

Added: 11/24/2025 Background Oracle Fusion Middleware is a platform for creating and running applications. Problem An authentication bypass vulnerability in the Identity Manager component allows remote attackers to execute arbitrary commands by appending ;.wadl to a URL. Resolution See Oracle Pat...

WingFTP username null byte command execution

Added: 07/02/2025 Background Wing FTP Server is free FTP server software for Windows, Linux, and Mac OS. Problem A command injection vulnerability allows a remote unauthenticated attacker to execute arbitrary commands by sending a username with a null byte in a login request. Resolution Upgrade t...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

MySQL yaSSL SSL Hello message buffer overflow

Added: 03/10/2008 CVE: CVE-2008-0226 BID: 27140 OSVDB: 41935 Background MySQL is an open-source database software package available for multiple platforms. yaSSL is an SSL library. MySQL, if SSL support is enabled, uses yaSSL by default. Problem A buffer overflow vulnerability in the...

React Server Components deserialization vulnerability

Added: 12/11/2025 Background React is a Javascript library for building user interfaces. React Server Components are React components designed for running on web servers. Problem A deserialization vulnerability in React Server Components allows a remote attacker to execute arbitrary commands by...

Apache Struts file upload path traversal

Added: 12/20/2024 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...

ColdFusion verifyldapserver vulnerability

Added: 03/07/2022 Background Adobe ColdFusion is a web application development platform written in Java. Problem The verifyldapserver method in utils.cfc allows a remote attacker to cause the server to download a Java class from an arbitrary LDAP server, leading to remote code execution. Resoluti...

HP Performance Manager Apache Tomcat Policy Bypass

Added: 11/05/2010 CVE: CVE-2009-3548 BID: 36954 OSVDB: 60176 Background HP Performance Manager Software is a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom...

Apache chunked encoding buffer overflow

Added: 05/08/2006 CVE: CVE-2002-0392 BID: 5033 OSVDB: 838 Background Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks. Problem A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing...

Control Web Panel key parameter command injection

Added: 01/21/2026 Background Control Web Panel is a web hosting panel for Linux. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted key parameter. Resolution Upgrade to Control Web Panel 0.9.8.1209 or higher. References...

FortiManager fgfmd remote command execution

Added: 11/15/2024 Background FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to FortiManager...

libssh authentication bypass

Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2MSGUSERAUTHSUCCESS message instead of a SSH2MSGUSERAUTHREQUEST message. Resolution Upgrade to libssh 0.7....

Microsoft OLE Object File Handling vulnerability

Added: 06/15/2012 CVE: CVE-2011-3400 BID: 50977 OSVDB: 77663 Background Object Linking and Embedding OLE allows applications to create and edit compound documents. For example, a Microsoft Excel spreadsheet can be embedded within a Microsoft Word application. Problem A vulnerability when handling...