Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK

2016-08-08 CVE-2016-2875 Command Injection vulnerability in IBM Qradar Security Information and Event Manager
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors.
network, low complexity | ibm | CWE-77 | 8.8

2016-08-03 CVE-2016-5640 Command Injection vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a ..
network, low complexity | crestron | CWE-77 | critical 9.8

2016-06-25 CVE-2016-4822 Command Injection vulnerability in Corega Cg-Wlbargl Firmware
Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.
low complexity | corega | CWE-77 | 8.0

2016-06-03 CVE-2016-1388 Command Injection vulnerability in Cisco products
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882.
network, low complexity | cisco | CWE-77 | critical 9.8

2016-05-06 CVE-2015-0857 Command Injection vulnerability in multiple products
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
network, low complexity | tardiff-project, debian | CWE-77 | critical 9.8

2016-04-26 CVE-2016-3081 Command Injection vulnerability in multiple products
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
network, high complexity | apache, oracle | CWE-77 | 8.1

2016-04-25 CVE-2016-2332 Command Injection vulnerability in Systech Syslink Sl-1000 Modular Gateway Firmware
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.
network, low complexity | systech | CWE-77 | 8.8

2016-04-20 CVE-2016-2002 Command Injection vulnerability in HP Vertica
The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
network, low complexity | hp | CWE-77 | critical 9.8

2016-04-13 CVE-2016-2056 Command Injection vulnerability in multiple products
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
network, low complexity | xymon, debian | CWE-77 | 8.8

2016-04-11 CVE-2015-5349 Command Injection vulnerability in Apache Directory Studio and Ldap Studio
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.
local, low complexity | apache | CWE-77 | 7.8