Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-19 | CVE-2017-6048 | Command Injection vulnerability in Satel-Iberia products A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. | 8.8 |
| 2017-05-12 | CVE-2016-10329 | Command Injection vulnerability in Synology Photo Station Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | 9.8 |
| 2017-05-02 | CVE-2015-8257 | Command Injection vulnerability in Axis Network Camera Firmware The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | 8.8 |
| 2017-04-24 | CVE-2017-2324 | Command Injection vulnerability in Juniper Northstar Controller 2.1.0 A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service condition. | 5.3 |
| 2017-04-21 | CVE-2016-1555 | Command Injection vulnerability in Netgear products (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | 9.8 |
| 2017-04-12 | CVE-2017-7722 | Command Injection vulnerability in Solarwinds LOG & Event Manager 6.3.1 In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). | 10.0 |
| 2017-04-11 | CVE-2017-7689 | Command Injection vulnerability in Schneider-Electric Homelynk Controller Lss100100 Firmware 1.3.0 A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. | 9.8 |
| 2017-04-11 | CVE-2016-4989 | Command Injection vulnerability in multiple products setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445. | 7.0 |
| 2017-04-11 | CVE-2016-4446 | Command Injection vulnerability in multiple products The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. | 7.0 |
| 2017-04-11 | CVE-2016-4445 | Command Injection vulnerability in multiple products The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. | 7.0 |