Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-11 | CVE-2016-4446 | Command Injection vulnerability in multiple products The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. | 7.0 |
2017-04-11 | CVE-2016-4445 | Command Injection vulnerability in multiple products The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. | 7.0 |
2017-04-11 | CVE-2016-4444 | Command Injection vulnerability in multiple products The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. | 7.0 |
2017-04-10 | CVE-2016-10322 | Command Injection vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | 8.8 |
2017-04-10 | CVE-2016-6534 | Command Injection vulnerability in Opmantek Network Management Information System 4.3.6F/8.5.10G Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. | 7.5 |
2017-04-10 | CVE-2016-5067 | Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | 8.8 |
2017-04-10 | CVE-2016-5065 | Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. | 9.8 |
2017-04-03 | CVE-2016-10312 | Command Injection vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. | 9.8 |
2017-04-02 | CVE-2016-8801 | Command Injection vulnerability in Huawei Oceanstor 5600 V3 Firmware V300R003C00/V300R003C00C10 Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. | 7.2 |
2017-03-31 | CVE-2014-9114 | Command Injection vulnerability in multiple products Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | 7.8 |