Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-01-30 CVE-2016-10182 Command Injection vulnerability in Dlink Dwr-932B Firmware 02.02Eu
An issue was discovered on the D-Link DWR-932B router.
network
low complexity
dlink CWE-77
critical
9.8
2017-01-28 CVE-2016-9554 Command Injection vulnerability in Sophos web Appliance 4.2.1.3
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface.
network
low complexity
sophos CWE-77
7.2
2017-01-28 CVE-2016-9553 Command Injection vulnerability in Sophos web Appliance 4.2.1.3
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface.
network
low complexity
sophos CWE-77
7.2
2017-01-23 CVE-2015-8971 Command Injection vulnerability in multiple products
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
local
low complexity
debian enlightenment CWE-77
7.8
2017-01-05 CVE-2015-3441 Command Injection vulnerability in Genexia Drgos 1.14
The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter.
network
low complexity
genexia CWE-77
8.8
2017-01-04 CVE-2016-7399 Command Injection vulnerability in Veritas Netbackup Appliance Firmware
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
network
low complexity
veritas CWE-77
critical
9.8
2017-01-03 CVE-2016-10108 Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
network
low complexity
western-digital CWE-77
critical
9.8
2017-01-03 CVE-2016-10107 Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
network
low complexity
western-digital CWE-77
critical
9.8
2016-12-30 CVE-2016-10074 Command Injection vulnerability in Swiftmailer
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
network
low complexity
swiftmailer CWE-77
critical
9.8
2016-12-30 CVE-2016-10045 Command Injection vulnerability in multiple products
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP.
network
low complexity
phpmailer-project wordpress joomla CWE-77
critical
9.8