Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2014-1834 Command Injection vulnerability in Echor Project Echor 0.1.6
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.
local
low complexity
echor-project CWE-77
7.8
2018-01-26 CVE-2017-14593 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling.
network
low complexity
atlassian CWE-77
8.8
2018-01-26 CVE-2017-14592 Command Injection vulnerability in Atlassian Sourcetree
Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling.
network
low complexity
atlassian CWE-77
8.8
2018-01-12 CVE-2016-0324 Command Injection vulnerability in IBM Security Identity Manager Virtual Appliance
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors.
network
low complexity
ibm CWE-77
8.8
2018-01-10 CVE-2018-0007 Command Injection vulnerability in Juniper Junos
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service.
network
low complexity
juniper CWE-77
critical
9.8
2017-12-11 CVE-2017-15940 Command Injection vulnerability in Paloaltonetworks Pan-Os
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.
network
low complexity
paloaltonetworks CWE-77
critical
9.8
2017-12-04 CVE-2017-15889 Command Injection vulnerability in Synology Diskstation Manager
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
network
low complexity
synology CWE-77
8.8
2017-11-30 CVE-2017-12352 Command Injection vulnerability in Cisco Application Policy Infrastructure Controller 2.3(1F)
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system.
local
low complexity
cisco CWE-77
6.7
2017-11-30 CVE-2017-12341 Command Injection vulnerability in Cisco Nx-Os and Unified Computing System
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-77
6.7
2017-11-30 CVE-2017-12339 Command Injection vulnerability in Cisco LAN Switch Software and Nx-Os
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack.
local
low complexity
cisco CWE-77
5.7