Vulnerabilities (CVE)

Filtered by CWE-77
Total 3413 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-5330 1 Ui 1 Airos 2026-06-16 5.0 MEDIUM 9.8 CRITICAL
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
CVE-2010-4345 4 Canonical, Debian, Exim and 1 more 4 Ubuntu Linux, Debian Linux, Exim and 1 more 2026-06-16 6.9 MEDIUM 7.8 HIGH
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVE-2010-2008 3 Canonical, Fedoraproject, Oracle 3 Ubuntu Linux, Fedora, Mysql 2026-06-16 3.5 LOW N/A
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
CVE-2010-0136 3 Apache, Canonical, Debian 3 Openoffice, Ubuntu Linux, Debian Linux 2026-06-16 9.3 HIGH N/A
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.
CVE-2009-5157 1 Linksys 2 Wag54g2, Wag54g2 Firmware 2026-06-16 9.0 HIGH 8.8 HIGH
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
CVE-2009-5156 1 Veracomp 2 Asmax Ar-804gu, Asmax Ar-804gu Firmware 2026-06-16 10.0 HIGH 9.8 CRITICAL
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.
CVE-2008-7319 1 Net-ping-external Project 1 Net-ping-external 2026-06-16 10.0 HIGH 9.8 CRITICAL
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
CVE-2008-7315 1 Cpan 1 Ui\ 2026-06-16 7.5 HIGH 9.8 CRITICAL
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
CVE-2008-7313 3 Nagios, Redhat, Snoopy 3 Nagios, Openstack, Snoopy 2026-06-16 7.5 HIGH 9.8 CRITICAL
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2007-3010 1 Al-enterprise 1 Omnipcx Enterprise Communication Server 2026-06-16 10.0 HIGH 9.8 CRITICAL
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
CVE-2005-2793 1 Phpldapadmin Project 1 Phpldapadmin 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
CVE-2005-2773 1 Hp 1 Openview Network Node Manager 2026-06-16 7.5 HIGH 9.8 CRITICAL
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
CVE-1999-0039 1 Sgi 1 Irix 2026-06-16 7.5 HIGH 7.3 HIGH
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.