Vulnerabilities > Argument Injection or Modification
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-23 | CVE-2018-3856 | Argument Injection or Modification vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 9.9 |
| 2018-07-24 | CVE-2018-13386 | Argument Injection or Modification vulnerability in Atlassian Sourcetree There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. | 6.8 |
| 2018-07-24 | CVE-2018-13385 | Argument Injection or Modification vulnerability in Atlassian Sourcetree There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. | 7.5 |
| 2018-07-18 | CVE-2018-0345 | Argument Injection or Modification vulnerability in Cisco products A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. | 9.0 |
| 2018-05-11 | CVE-2018-10992 | Argument Injection or Modification vulnerability in Lilypond 2.19.80 lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. | 7.5 |
| 2017-11-29 | CVE-2017-14591 | Argument Injection or Modification vulnerability in Atlassian Crucible and Fisheye Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. | 9.3 |
| 2017-06-16 | CVE-2016-1000222 | Argument Injection or Modification vulnerability in Elastic Logstash Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | 5.0 |
| 2016-12-30 | CVE-2016-10033 | Argument Injection or Modification vulnerability in multiple products The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | 9.8 |
| 2004-07-07 | CVE-2004-0473 | Argument Injection or Modification vulnerability in Opera Browser Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux. | 2.6 |