Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
command injection vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2015-9059
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely....
Picocom Project
Picocom
7.5
CVSSv2
CVE-2005-3750
Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera....
Opera Software
Opera Web Browser
4.6
CVSSv2
CVE-2017-1000159
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91....
Gnome
Evince
4.3
CVSSv2
CVE-2006-0188
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as...
Squirrelmail
4.3
CVSSv2
CVE-2006-0195
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url"...
Squirrelmail
5
CVSSv2
CVE-2006-0377
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."...
Squirrelmail
9
CVSSv2
CVE-2012-3366
The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server)....
Anl
Bcfg2
10
CVSSv2
CVE-2014-7169
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by...
Gnu
Bash
32 Github repositories available
6 Articles available
10
CVSSv2
CVE-2014-7186
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the...
Gnu
Bash
2 EDB exploits available
14 Github repositories available
3 Articles available
10
CVSSv2
CVE-2014-7187
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the...
Gnu
Bash
2 EDB exploits available
13 Github repositories available
2 Articles available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
maximo asset management
CVE-2020-6291
disclosure management
CVE-2020-15105
CVE-2020-4511
application delivery controller firmware
qradar security information and event manager
CVE-2020-10045
CVE-2020-8196
client side
insecure direct object reference
wireless
CVE-2020-5902
1
2
3
4
5
NEXT »
Vulmon