Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-12-30 CVE-2016-10034 Command Injection vulnerability in Zend Framework
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
network
low complexity
zend CWE-77
critical
9.8
2016-12-16 CVE-2016-6656 Command Injection vulnerability in Pivotal Software Greenplum
An issue was discovered in Pivotal Greenplum before 4.3.10.0.
network
low complexity
pivotal-software CWE-77
7.2
2016-12-11 CVE-2016-6609 Command Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-77
8.8
2016-11-03 CVE-2015-8969 Command Injection vulnerability in Squareup Git-Fastclone 1.0.0/1.0.1
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command.
network
low complexity
squareup CWE-77
critical
9.8
2016-11-03 CVE-2015-8968 Command Injection vulnerability in Squareup Git-Fastclone 1.0.0
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules.
network
low complexity
squareup CWE-77
8.8
2016-10-22 CVE-2016-0328 Command Injection vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.
local
low complexity
ibm CWE-77
7.8
2016-10-22 CVE-2016-0326 Command Injection vulnerability in IBM products
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
network
low complexity
ibm CWE-77
8.8
2016-10-21 CVE-2016-0236 Command Injection vulnerability in IBM Security Guardium Database Activity Monitor
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field.
network
low complexity
ibm CWE-77
8.8
2016-09-21 CVE-2016-0920 Command Injection vulnerability in EMC Avamar Server
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.
local
low complexity
emc CWE-77
7.8
2016-08-18 CVE-2016-6367 Command Injection vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
local
low complexity
cisco CWE-77
7.8