Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-05-12 CVE-2015-2844 OS Command Injection vulnerability in GoAutoDial GoAdmin CE 3.0/3.3
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
network
low complexity
goautodial CWE-78
critical
10.0
2015-05-12 CVE-2015-2842 Multiple Security vulnerability in GoAutoDial GoAdmin CE 3.0/3.3
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.
network
low complexity
goautodial
critical
10.0
2015-05-07 CVE-2015-0701 Improper Input Validation vulnerability in Cisco Unified Computing System Central Software
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.
network
low complexity
cisco CWE-20
critical
10.0
2015-05-07 CVE-2015-0538 Command Injection vulnerability in EMC AutoStart 5.5.0
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.
network
emc CWE-77
critical
9.3
2015-05-01 CVE-2015-3446 Code Injection vulnerability in AlienVault Unified Security Management 4.14
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
network
alienvault CWE-94
critical
9.3
2015-05-01 CVE-2015-3435 Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30
Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.
network
low complexity
samsung CWE-264
critical
10.0
2015-05-01 CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
network
low complexity
dlink realtek aterm
critical
9.8
2015-04-29 CVE-2015-3459 Permissions, Privileges, and Access Controls vulnerability in Hospira products
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
network
low complexity
hospira CWE-264
critical
10.0
2015-04-27 CVE-2015-2116 Security vulnerability in HP Storage Data Protector
Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors.
network
low complexity
hp
critical
9.0
2015-04-27 CVE-2015-1885 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server
WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.
network
ibm CWE-264
critical
9.3