CVE List - 2015 / May
Showing 201 - 300 of 410 CVEs for May 2015 (Page 3 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-0717 | 2015-05-16 | Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
| CVE-2015-0723 | 2015-05-16 | The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart)... |
| CVE-2015-0726 | 2015-05-16 | The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause... |
| CVE-2015-0729 | 2015-05-16 | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug... |
| CVE-2015-0730 | 2015-05-16 | The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol... |
| CVE-2014-9204 | 2015-05-17 | Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file. |
| CVE-2015-0735 | 2015-05-17 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. |
| CVE-2015-0738 | 2015-05-17 | Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an... |
| CVE-2014-8383 | 2015-05-18 | The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. |
| CVE-2014-8384 | 2015-05-18 | The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change... |
| CVE-2015-0278 | 2015-05-18 | libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. |
| CVE-2015-1868 | 2015-05-18 | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers... |
| CVE-2015-2346 | 2015-05-18 | XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. |
| CVE-2015-2667 | 2015-05-18 | Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. |
| CVE-2015-2704 | 2015-05-18 | realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. |
| CVE-2015-3306 | 2015-05-18 | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. |
| CVE-2015-3455 | 2015-05-18 | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509... |
| CVE-2015-3627 | 2015-05-18 | Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in... |
| CVE-2015-3629 | 2015-05-18 | Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in... |
| CVE-2015-3630 | 2015-05-18 | Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform... |
| CVE-2015-3631 | 2015-05-18 | Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. |
| CVE-2015-0739 | 2015-05-19 | The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via... |
| CVE-2015-0267 | 2015-05-19 | The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a... |
| CVE-2015-1845 | 2015-05-19 | Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2015-1846 | 2015-05-19 | unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling. |
| CVE-2015-3407 | 2015-05-19 | Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. |
| CVE-2015-3408 | 2015-05-19 | Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. |
| CVE-2015-3409 | 2015-05-19 | Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse... |
| CVE-2015-3885 | 2015-05-19 | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow,... |
| CVE-2015-3988 | 2015-05-19 | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2)... |
| CVE-2015-0740 | 2015-05-20 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. |
| CVE-2015-1920 | 2015-05-20 | IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in... |
| CVE-2014-6211 | 2015-05-20 | The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging... |
| CVE-2014-4776 | 2015-05-20 | IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an... |
| CVE-2014-8924 | 2015-05-20 | The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before IF24 and Tivoli Asset Discovery for Distributed 7.2.2 before IF15 and 7.5 before IF24 allows remote attackers... |
| CVE-2015-0189 | 2015-05-20 | The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage)... |
| CVE-2015-1251 | 2015-05-20 | Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. |
| CVE-2015-1252 | 2015-05-20 | common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via... |
| CVE-2015-1253 | 2015-05-20 | core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a... |
| CVE-2015-1254 | 2015-05-20 | core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the... |
| CVE-2015-1255 | 2015-05-20 | Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other... |
| CVE-2015-1256 | 2015-05-20 | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact... |
| CVE-2015-1257 | 2015-05-20 | platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote... |
| CVE-2015-1258 | 2015-05-20 | Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field,... |
| CVE-2015-1259 | 2015-05-20 | PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via... |
| CVE-2015-1260 | 2015-05-20 | Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via... |
| CVE-2015-1261 | 2015-05-20 | android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof... |
| CVE-2015-1262 | 2015-05-20 | platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have... |
| CVE-2015-1263 | 2015-05-20 | The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or... |
| CVE-2015-1264 | 2015-05-20 | Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks... |
| CVE-2015-1265 | 2015-05-20 | Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| CVE-2015-1902 | 2015-05-20 | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka... |
| CVE-2015-1903 | 2015-05-20 | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka... |
| CVE-2015-3910 | 2015-05-20 | Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown... |
| CVE-2012-1664 | 2015-05-20 | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a... |
| CVE-2012-1665 | 2015-05-20 | Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to... |
| CVE-2012-3243 | 2015-05-20 | Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information... |
| CVE-2012-6691 | 2015-05-20 | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks... |
| CVE-2015-1188 | 2015-05-20 | The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors. |
| CVE-2015-3990 | 2015-05-20 | The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. |
| CVE-2015-3999 | 2015-05-20 | Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. |
| CVE-2015-4016 | 2015-05-20 | The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. |
| CVE-2012-4901 | 2015-05-20 | Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the themes_editor parameter in an add_template action to admin/index.php. |
| CVE-2012-4902 | 2015-05-20 | Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via... |
| CVE-2015-3141 | 2015-05-20 | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1)... |
| CVE-2015-4000 | 2015-05-21 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle... |
| CVE-2015-3036 | 2015-05-21 | Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers... |
| CVE-2015-0741 | 2015-05-21 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug... |
| CVE-2015-0742 | 2015-05-21 | The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding... |
| CVE-2015-3911 | 2015-05-21 | Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors. |
| CVE-2015-3912 | 2015-05-21 | Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. |
| CVE-2012-1978 | 2015-05-21 | Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via... |
| CVE-2015-3647 | 2015-05-21 | Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML... |
| CVE-2015-4018 | 2015-05-21 | SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action... |
| CVE-2015-0746 | 2015-05-22 | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. |
| CVE-2015-0915 | 2015-05-22 | Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. |
| CVE-2015-0916 | 2015-05-22 | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. |
| CVE-2015-0750 | 2015-05-23 | The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID... |
| CVE-2014-2174 | 2015-05-25 | Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local... |
| CVE-2015-0713 | 2015-05-25 | The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN... |
| CVE-2015-0722 | 2015-05-25 | The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload)... |
| CVE-2015-1894 | 2015-05-25 | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
| CVE-2015-1895 | 2015-05-25 | IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior. |
| CVE-2015-1896 | 2015-05-25 | Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2015-1899 | 2015-05-25 | IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. |
| CVE-2015-1909 | 2015-05-25 | The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2... |
| CVE-2015-1910 | 2015-05-25 | Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remote... |
| CVE-2015-1911 | 2015-05-25 | Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling... |
| CVE-2015-1915 | 2015-05-25 | The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the... |
| CVE-2015-1921 | 2015-05-25 | Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via... |
| CVE-2014-4774 | 2015-05-25 | Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers... |
| CVE-2014-4778 | 2015-05-25 | IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the... |
| CVE-2014-6190 | 2015-05-25 | The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. |
| CVE-2014-6192 | 2015-05-25 | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to... |
| CVE-2014-8926 | 2015-05-25 | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and... |
| CVE-2014-8927 | 2015-05-25 | Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and... |
| CVE-2015-0120 | 2015-05-25 | Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors. |
| CVE-2015-0140 | 2015-05-25 | An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document. |
| CVE-2015-0156 | 2015-05-25 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote... |
| CVE-2015-0160 | 2015-05-25 | IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors. |