Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-08 | CVE-2015-7541 | Command Injection vulnerability in Colorscore Project Colorscore The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable. | 10.0 |
2016-01-03 | CVE-2015-5003 | Command Injection vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3/6.3.0 The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | 8.5 |
2015-02-23 | CVE-2015-2051 | Command Injection vulnerability in Dlink Dir-645 Firmware The D-Link DIR-645 Wired/Wireless Router Rev. | 9.8 |
2012-05-11 | CVE-2012-1823 | Command Injection vulnerability in multiple products sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | 9.8 |