Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-01-08 CVE-2015-7541 Command Injection vulnerability in Colorscore Project Colorscore
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
network
low complexity
colorscore-project CWE-77
critical
10.0
2016-01-03 CVE-2015-5003 Command Injection vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3/6.3.0
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.
network
high complexity
ibm CWE-77
8.5
2015-02-23 CVE-2015-2051 Command Injection vulnerability in Dlink Dir-645 Firmware
The D-Link DIR-645 Wired/Wireless Router Rev.
network
low complexity
dlink CWE-77
critical
9.8
2012-05-11 CVE-2012-1823 Command Injection vulnerability in multiple products
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
network
low complexity
php fedoraproject debian hp opensuse suse apple redhat CWE-77
critical
9.8