Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-23 | CVE-2014-3741 | Command Injection vulnerability in Node-Printer Project Node-Printer 0.0.1 The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. | 9.8 |
| 2017-10-23 | CVE-2013-7377 | Command Injection vulnerability in Codem-Transcode Project Codem-Transcode The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe. | 8.1 |
| 2017-10-17 | CVE-2015-7806 | Command Injection vulnerability in Form Manager Project Form Manager 1.7.2 Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-10-17 | CVE-2014-9118 | Command Injection vulnerability in Dasanzhone Znid 2426A Firmware The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | 8.8 |
| 2017-10-13 | CVE-2016-4922 | Command Injection vulnerability in Juniper Junos Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. | 7.8 |
| 2017-10-11 | CVE-2013-6924 | Command Injection vulnerability in Seagate Blackarmor NAS 220 Firmware Sg20002000.1331 Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | 9.8 |
| 2017-10-10 | CVE-2008-7315 | Command Injection vulnerability in Cpan Ui::Dialog UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. | 9.8 |
| 2017-10-06 | CVE-2017-13069 | Command Injection vulnerability in Qnap Music Station QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. | 9.8 |
| 2017-10-03 | CVE-2015-7841 | Command Injection vulnerability in Huawei products The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command." | 9.8 |
| 2017-10-03 | CVE-2015-6971 | Command Injection vulnerability in Lenovo System Update 5.06.0027/5.06.0034 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | 7.8 |