Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0113 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| Some implementations of rlogin allow root access if given a -froot parameter. | |||||
| CVE-2004-0489 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.6 HIGH | N/A |
| Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. | |||||
| CVE-2006-2058 | 1 Avantbrowser | 1 Avant Browser | 2025-04-03 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2024-47516 | 2025-03-27 | N/A | 9.8 CRITICAL | ||
| A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance. | |||||
| CVE-2023-50232 | 1 Inductiveautomation | 1 Ignition | 2025-03-12 | N/A | 8.8 HIGH |
| Inductive Automation Ignition getParams Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the getParams method. The issue results from the lack of proper validation of a user-supplied string before using it to prepare an argument for a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22028. | |||||
| CVE-2025-27146 | 1 Matrix | 1 Matrix Irc Bridge | 2025-03-04 | N/A | 2.7 LOW |
| matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. The vulnerability has been patched in matrix-appservice-irc version 3.0.4. | |||||
| CVE-2023-47804 | 1 Apache | 1 Openoffice | 2025-02-13 | N/A | 8.8 HIGH |
| Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. | |||||
| CVE-2022-47502 | 1 Apache | 1 Openoffice | 2025-02-13 | N/A | 7.8 HIGH |
| Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. | |||||
| CVE-2023-25356 | 1 Coredial | 1 Sipxcom | 2025-02-13 | N/A | 8.8 HIGH |
| CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution. | |||||
| CVE-2024-51532 | 1 Dell | 12 Powerstore 1000t, Powerstore 1200t, Powerstore 3000t and 9 more | 2025-01-29 | N/A | 7.1 HIGH |
| Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | |||||
| CVE-2025-0065 | 2025-01-28 | N/A | 7.8 HIGH | ||
| Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection. | |||||
| CVE-2022-31749 | 2025-01-28 | N/A | 6.5 MEDIUM | ||
| An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances | |||||
| CVE-2024-11633 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | |||||
| CVE-2024-3367 | 1 Checkmk | 1 Checkmk | 2024-12-05 | N/A | 6.5 MEDIUM |
| Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc | |||||
| CVE-2024-47611 | 2024-11-21 | N/A | N/A | ||
| XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters (for example, filenames) that don't exist in the current legacy code page, the characters are converted to similar-looking characters with best-fit mapping. Some best-fit mappings result in ASCII characters that change the meaning of the command line, which can be exploited with malicious filenames to do argument injection or directory traversal attacks. This vulnerability is fixed in 5.6.3. Command line tools built for Cygwin or MSYS2 are unaffected. liblzma is unaffected. | |||||
| CVE-2024-32884 | 2024-11-21 | N/A | 6.4 MEDIUM | ||
| gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose current working directory contains a malicious file, arbitrary code execution occurs. This is related to the patched vulnerability GHSA-rrjw-j4m2-mf34, but appears less severe due to a greater attack complexity. This issue has been patched in versions 0.35.0, 0.42.0 and 0.62.0. | |||||
| CVE-2024-31966 | 2024-11-21 | N/A | 6.2 MEDIUM | ||
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify system configuration or execute arbitrary commands. | |||||
| CVE-2024-22182 | 2024-11-21 | N/A | 8.6 HIGH | ||
| A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. | |||||
| CVE-2023-6792 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A | 5.5 MEDIUM |
| An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. | |||||
| CVE-2023-6269 | 1 Atos | 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller | 2024-11-21 | N/A | 10.0 CRITICAL |
| An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user. | |||||