Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2015-05-07 | CVE-2015-0538 | Command Injection vulnerability in EMC Autostart 5.5.0 | ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | network, emc, CWE-77 | critical 9.3 |
| 2015-04-13 | CVE-2015-2846 | Command Injection vulnerability in Bittorrent Sync | BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | network, bittorrent, CWE-77 | critical 9.3 |
| 2015-03-26 | CVE-2015-2746 | Command Injection vulnerability in Websense Triton and V-Series Appliances | The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | network, low complexity, websense, CWE-77 | 6.5 |
| 2015-03-24 | CVE-2015-2265 | Command Injection vulnerability in multiple products | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. | network, low complexity, canonical, linuxfoundation, CWE-77 | 7.5 |
| 2015-03-12 | CVE-2015-2208 | Command Injection vulnerability in Avinu PHPmoadmin 1.1.2 | The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | network, low complexity, avinu, CWE-77 | 7.5 |
| 2015-03-04 | CVE-2015-0934 | Command Injection vulnerability in Sharelatex 0.1.2 | Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | network, low complexity, sharelatex, CWE-77 | 6.5 |
| 2015-02-28 | CVE-2014-9682 | Command Injection vulnerability in Dns-Sync Project Dns-Sync 0.1.0 | The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | network, low complexity, dns-sync-project, CWE-77 | critical 10.0 |
| 2015-02-01 | CVE-2014-8630 | Command Injection vulnerability in multiple products | Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. | network, low complexity, mozilla, fedoraproject, CWE-77 | 6.5 |
| 2015-01-21 | CVE-2014-9622 | Command Injection vulnerability in Gentoo Xdg-Utils 1.1.0 | Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | network, gentoo, CWE-77 | 6.8 |
| 2015-01-06 | CVE-2014-7209 | Command Injection vulnerability in Debian Mime-Support | run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | network, low complexity, debian, CWE-77 | 7.5 |