Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|
| 2016-12-30 | CVE-2016-10045 | Command Injection vulnerability in multiple products | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. | phpmailer-project wordpress joomla | CWE-77 | network, low complexity, critical, 9.8 |
| 2016-12-30 | CVE-2016-10034 | Command Injection vulnerability in Zend Framework | The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address. | zend | CWE-77 | network, low complexity, critical, 9.8 |
| 2016-12-16 | CVE-2016-6656 | Command Injection vulnerability in Pivotal Software Greenplum | An issue was discovered in Pivotal Greenplum before 4.3.10.0. | pivotal-software | CWE-77 | network, low complexity, 7.2 |
| 2016-12-11 | CVE-2016-6609 | Command Injection vulnerability in phpMyAdmin | An issue was discovered in phpMyAdmin. | phpmyadmin | CWE-77 | network, low complexity, 8.8 |
| 2016-11-03 | CVE-2015-8969 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0/1.0.1 | git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. | squareup | CWE-77 | network, low complexity, critical, 9.8 |
| 2016-11-03 | CVE-2015-8968 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0 | git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. | squareup | CWE-77 | network, low complexity, 8.8 |
| 2016-10-22 | CVE-2016-0328 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | ibm | CWE-77 | local, low complexity, 7.8 |
| 2016-10-22 | CVE-2016-0326 | Command Injection vulnerability in IBM products | IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | ibm | CWE-77 | network, low complexity, 8.8 |
| 2016-10-21 | CVE-2016-0236 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | ibm | CWE-77 | network, low complexity, 8.8 |
| 2016-09-21 | CVE-2016-0920 | Command Injection vulnerability in EMC Avamar Server | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | emc | CWE-77 | local, low complexity, 7.8 |