Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-30 | CVE-2016-10034 | Command Injection vulnerability in Zend Framework The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address. | 9.8 |
2016-12-16 | CVE-2016-6656 | Command Injection vulnerability in Pivotal Software Greenplum An issue was discovered in Pivotal Greenplum before 4.3.10.0. | 7.2 |
2016-12-11 | CVE-2016-6609 | Command Injection vulnerability in PHPmyadmin An issue was discovered in phpMyAdmin. | 8.8 |
2016-11-03 | CVE-2015-8969 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0/1.0.1 git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. | 9.8 |
2016-11-03 | CVE-2015-8968 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0 git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. | 8.8 |
2016-10-22 | CVE-2016-0328 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | 7.8 |
2016-10-22 | CVE-2016-0326 | Command Injection vulnerability in IBM products IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | 8.8 |
2016-10-21 | CVE-2016-0236 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | 8.8 |
2016-09-21 | CVE-2016-0920 | Command Injection vulnerability in EMC Avamar Server Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | 7.8 |
2016-08-18 | CVE-2016-6367 | Command Injection vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. | 7.8 |