CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-78

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-3655 78 Exec Code 2016-04-12 2016-04-14
10.0
User Remote Low Not required Complete Complete Complete
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
2 CVE-2016-1352 78 Exec Code 2016-04-13 2016-04-18
7.5
None Remote Low Not required Partial Partial Partial
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
3 CVE-2016-1339 78 +Priv 2016-04-15 2016-04-18
7.2
None Local Low Not required Complete Complete Complete
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.
4 CVE-2016-1320 78 Exec Code 2016-02-11 2016-02-25
6.8
Admin Local Low Single system Complete Complete Complete
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
5 CVE-2016-1297 78 Exec Code Bypass 2016-02-26 2016-03-17
9.0
None Remote Low Single system Complete Complete Complete
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
6 CVE-2016-1142 78 Exec Code 2016-01-16 2016-01-21
9.0
None Remote Low Single system Complete Complete Complete
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
7 CVE-2016-1141 78 Exec Code 2016-01-30 2016-02-02
6.5
None Remote Low Single system Partial Partial Partial
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
8 CVE-2015-8557 78 Exec Code 2016-01-08 2016-01-13
9.3
None Remote Medium Not required Complete Complete Complete
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
9 CVE-2015-8151 78 Exec Code 2016-02-18 2016-02-25
5.8
User Remote Low Multiple systems Partial Partial Partial
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.
10 CVE-2015-8024 78 Bypass 2015-12-02 2015-12-03
9.3
None Remote Medium Not required Complete Complete Complete
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
11 CVE-2015-7901 78 Exec Code 2015-10-28 2015-10-28
6.5
None Remote Low Single system Partial Partial Partial
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
12 CVE-2015-7774 78 Exec Code 2015-11-13 2015-11-16
6.5
None Remote Low Single system Partial Partial Partial
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role.
13 CVE-2015-7769 78 Exec Code 2016-02-19 2016-03-03
6.5
None Remote Low Single system Partial Partial Partial
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
14 CVE-2015-7698 78 Exec Code 2015-10-21 2015-10-22
9.0
None Remote Low Single system Complete Complete Complete
icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php.
15 CVE-2015-7426 78 Exec Code 2016-01-02 2016-01-07
10.0
None Remote Low Not required Complete Complete Complete
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
16 CVE-2015-7310 78 Exec Code 2015-09-22 2015-09-23
6.5
None Remote Low Single system Partial Partial Partial
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file.
17 CVE-2015-7253 78 Exec Code 2015-11-03 2015-11-04
10.0
None Remote Low Not required Complete Complete Complete
The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.
18 CVE-2015-6554 78 Exec Code 2015-11-11 2015-11-12
7.5
None Remote Low Not required Partial Partial Partial
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data.
19 CVE-2015-6435 78 Exec Code 2016-01-22 2016-01-25
10.0
None Remote Low Not required Complete Complete Complete
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
20 CVE-2015-6380 78 Exec Code 2015-11-23 2015-11-24
6.5
None Remote Low Single system Partial Partial Partial
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.
21 CVE-2015-6370 78 Exec Code 2015-11-18 2015-11-19
7.2
None Local Low Not required Complete Complete Complete
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.
22 CVE-2015-6298 78 2015-11-06 2015-11-06
9.0
None Remote Low Single system Complete Complete Complete
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445.
23 CVE-2015-6008 78 Exec Code 2015-09-27 2015-09-28
7.5
None Remote Low Not required Partial Partial Partial
install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
24 CVE-2015-5690 78 Exec Code Bypass 2015-09-20 2015-09-21
8.5
None Remote Medium Single system Complete Complete Complete
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."
25 CVE-2015-5673 78 Exec Code 2015-11-03 2015-11-04
6.5
None Remote Low Single system Partial Partial Partial
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command.
26 CVE-2015-5672 78 Exec Code 2015-11-06 2015-11-06
10.0
None Remote Low Not required Complete Complete Complete
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
27 CVE-2015-5018 78 Exec Code 2016-01-02 2016-01-06
8.5
None Remote Medium Single system Complete Complete Complete
IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access.
28 CVE-2015-4956 78 Exec Code 2016-02-14 2016-02-29
6.5
None Remote Low Single system Partial Partial Partial
The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.
29 CVE-2015-4718 78 Exec Code 2015-10-21 2015-10-22
9.0
None Remote Low Single system Complete Complete Complete
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
30 CVE-2015-4330 78 Exec Code +Priv 2015-09-02 2015-09-03
6.9
None Local Medium Not required Complete Complete Complete
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
31 CVE-2015-4279 78 +Priv 2015-07-20 2015-07-21
7.2
None Local Low Not required Complete Complete Complete
The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.
32 CVE-2015-4244 78 Exec Code 2015-07-10 2015-07-10
7.2
None Local Low Not required Complete Complete Complete
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.
33 CVE-2015-4237 78 Exec Code 2015-07-03 2015-07-10
4.6
None Local Low Not required Partial Partial Partial
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
34 CVE-2015-4224 78 Exec Code 2015-06-26 2015-06-26
7.2
None Local Low Not required Complete Complete Complete
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474.
35 CVE-2015-4186 78 Exec Code +Priv 2015-06-17 2015-06-17
7.2
Admin Local Low Not required Complete Complete Complete
The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412.
36 CVE-2015-4183 78 Exec Code +Priv 2015-06-17 2015-06-17
7.2
None Local Low Not required Complete Complete Complete
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795.
37 CVE-2015-2980 78 Exec Code +Info 2015-08-07 2015-08-10
6.8
None Remote Medium Not required Partial Partial Partial
The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafted HTML document.
38 CVE-2015-2979 78 Exec Code 2015-07-29 2015-07-29
7.5
None Remote Low Not required Partial Partial Partial
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
39 CVE-2015-2955 78 Exec Code 2015-06-13 2015-06-15
7.5
None Remote Low Not required Partial Partial Partial
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
40 CVE-2015-2845 78 Exec Code 2015-05-12 2015-05-14
10.0
None Remote Low Not required Complete Complete Complete
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
41 CVE-2015-2844 78 Exec Code 2015-05-12 2015-05-14
10.0
None Remote Low Not required Complete Complete Complete
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
42 CVE-2015-1388 78 Exec Code 2015-03-24 2015-03-26
7.2
None Local Low Not required Complete Complete Complete
The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.
43 CVE-2015-0977 78 Exec Code 2015-02-26 2015-02-27
10.0
None Remote Low Not required Complete Complete Complete
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
44 CVE-2015-0525 78 Exec Code 2015-03-12 2015-09-10
7.5
None Remote Low Not required Partial Partial Partial
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
45 CVE-2014-9727 78 1 Exec Code 2015-05-29 2016-04-06
10.0
None Remote Low Not required Complete Complete Complete
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
46 CVE-2014-9284 78 Exec Code 2015-06-08 2015-06-16
7.7
None Local Network Low Single system Complete Complete Complete
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
47 CVE-2014-8387 78 Exec Code 2014-11-20 2014-11-20
9.0
None Remote Low Single system Complete Complete Complete
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
48 CVE-2014-8334 78 Exec Code 2014-10-31 2014-11-03
6.5
None Remote Low Single system Partial Partial Partial
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable.
49 CVE-2014-7269 78 Exec Code 2015-02-01 2015-02-03
6.5
None Remote Low Single system Partial Partial Partial
ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
50 CVE-2014-7253 78 Exec Code 2014-12-05 2014-12-08
7.2
None Local Low Not required Complete Complete Complete
FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.
Total number of vulnerabilities : 196   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.