Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-04-24 CVE-2017-2832 Command Injection vulnerability in Foscam C1 Firmware 2.52.2.37
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37.
network
low complexity
foscam CWE-77
7.2
2018-04-12 CVE-2014-8888 Command Injection vulnerability in Dlink Dir-815 Firmware 2.03.B02
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."
network
low complexity
dlink CWE-77
critical
9.8
2018-04-12 CVE-2014-6120 Command Injection vulnerability in IBM Rational Appscan Source and Security Appscan Source
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors.
network
low complexity
ibm CWE-77
critical
9.8
2018-04-12 CVE-2014-6633 Command Injection vulnerability in Tryton
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module.
network
low complexity
tryton CWE-77
8.8
2018-04-10 CVE-2014-3114 Command Injection vulnerability in Ezpz-One-Click-Backup Project Ezpz-One-Click-Backup
The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.
network
low complexity
ezpz-one-click-backup-project CWE-77
critical
9.8
2018-04-03 CVE-2017-7161 Command Injection vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple canonical CWE-77
8.8
2018-02-19 CVE-2018-5439 Command Injection vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior.
network
low complexity
nortekcontrol CWE-77
critical
9.8
2018-02-15 CVE-2016-8523 Command Injection vulnerability in HP Smart Storage Administrator
A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found.
network
low complexity
hp CWE-77
8.8
2018-02-13 CVE-2017-1720 Command Injection vulnerability in IBM Client Application Access and Notes
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC.
local
low complexity
ibm CWE-77
5.3
2018-02-12 CVE-2016-5397 Command Injection vulnerability in Apache Thrift
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool.
network
low complexity
apache CWE-77
8.8