Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-22 | CVE-2017-14081 | Command Injection vulnerability in Trendmicro Mobile Security 9.7 Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 8.8 |
| 2017-09-12 | CVE-2017-1352 | Command Injection vulnerability in IBM Maximo Asset Management 7.5/7.6 IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. | 5.5 |
| 2017-09-07 | CVE-2017-6794 | Command Injection vulnerability in Cisco Meeting Server A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. | 6.7 |
| 2017-09-06 | CVE-2015-2210 | Command Injection vulnerability in Epicor CRS Retail Store 3.2.03.01.008 The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell. | 7.8 |
| 2017-08-22 | CVE-2015-2857 | Command Injection vulnerability in Accellion File Transfer Appliance 80540/911200 Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | 9.8 |
| 2017-08-09 | CVE-2017-12756 | Command Injection vulnerability in Extplorer Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter. | 7.2 |
| 2017-08-03 | CVE-2017-11392 | Command Injection vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1 Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. | 8.8 |
| 2017-08-03 | CVE-2017-11391 | Command Injection vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1 Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. | 8.8 |
| 2017-08-02 | CVE-2014-8903 | Command Injection vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | 8.8 |
| 2017-07-21 | CVE-2017-9980 | Command Injection vulnerability in Greenpacket Dx-350 Firmware 2.8.9.5G1.4.8Atheeb In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | 9.8 |