Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-17 | CVE-2016-2397 | Command Injection vulnerability in Sonicwall products The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | 9.8 |
2016-02-17 | CVE-2016-2396 | Command Injection vulnerability in Sonicwall products The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | 9.9 |
2016-02-05 | CVE-2016-0861 | Command Injection vulnerability in GE UPS Snmp web Adapter Firmware General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | 8.8 |
2016-01-08 | CVE-2015-7541 | Command Injection vulnerability in Colorscore Project Colorscore The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable. | 10.0 |
2016-01-03 | CVE-2015-5003 | Command Injection vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3/6.3.0 The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | 8.5 |
2015-02-23 | CVE-2015-2051 | Command Injection vulnerability in Dlink Dir-645 Firmware The D-Link DIR-645 Wired/Wireless Router Rev. | 9.8 |