Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2014-5009 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat nagios CWE-77
critical
9.8
2017-03-31 CVE-2014-5008 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat debian CWE-77
critical
9.8
2017-03-31 CVE-2008-7313 Command Injection vulnerability in multiple products
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat nagios CWE-77
critical
9.8
2017-03-30 CVE-2017-6184 Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
network
low complexity
sophos CWE-77
4.7
2017-03-30 CVE-2017-6183 Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
network
low complexity
sophos CWE-77
7.2
2017-03-20 CVE-2016-4929 Command Injection vulnerability in Juniper Junos Space
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
network
low complexity
juniper CWE-77
8.8
2017-03-14 CVE-2015-8988 Command Injection vulnerability in Mcafee EPO Deep Command 2.1/2.2
Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.
network
low complexity
mcafee CWE-77
8.8
2017-03-13 CVE-2017-5675 Command Injection vulnerability in Embedthis Goahead
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models.
network
low complexity
embedthis CWE-77
8.8
2017-03-03 CVE-2016-10194 Command Injection vulnerability in Festivaltts4R Project Festivaltts4R
The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.
network
low complexity
festivaltts4r-project CWE-77
critical
9.8
2017-02-22 CVE-2014-4677 Command Injection vulnerability in Gpgtools Libmacgpg 0.6
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.
local
low complexity
gpgtools CWE-77
7.8