Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-07-14 | CVE-2015-1561 | Command Injection vulnerability in Centreon The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | 6.5 |
2015-07-08 | CVE-2015-5453 | Command Injection vulnerability in Watchguard XCS 10.0/9.2 Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | 6.5 |
2015-07-04 | CVE-2015-4525 | Command Injection vulnerability in EMC Isilon Onefs The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | 9.0 |
2015-07-03 | CVE-2015-3716 | Command Injection vulnerability in Apple mac OS X Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | 4.4 |
2015-07-03 | CVE-2015-3678 | Command Injection vulnerability in Apple mac OS X AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. | 7.2 |
2015-06-30 | CVE-2015-1986 | Command Injection vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | 10.0 |
2015-06-30 | CVE-2015-1949 | Command Injection vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | 10.0 |
2015-06-30 | CVE-2015-1938 | Command Injection vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. | 10.0 |
2015-06-17 | CVE-2015-4336 | Command Injection vulnerability in Xcloner 3.1.2 cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file. | 6.5 |
2015-05-19 | CVE-2015-3408 | Command Injection vulnerability in multiple products Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | 10.0 |