Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-03 | CVE-2016-10107 | Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142: Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | 9.8 |
2016-12-30 | CVE-2016-10074 | Command Injection vulnerability in Swiftmailer: The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a `\"` (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header. | 9.8 |
2016-12-30 | CVE-2016-10045 | Command Injection vulnerability in multiple products: The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. | 9.8 |
2016-12-30 | CVE-2016-10034 | Command Injection vulnerability in Zend Framework: The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a `\"` (backslash double quote) in a crafted e-mail address. | 9.8 |
2016-12-16 | CVE-2016-6656 | Command Injection vulnerability in Pivotal Software Greenplum: An issue was discovered in Pivotal Greenplum before 4.3.10.0. | 7.2 |
2016-12-11 | CVE-2016-6609 | Command Injection vulnerability in PHPmyadmin: An issue was discovered in phpMyAdmin. | 8.8 |
2016-11-03 | CVE-2015-8969 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0/1.0.1: git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. | 9.8 |
2016-11-03 | CVE-2015-8968 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0: git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. | 8.8 |
2016-10-22 | CVE-2016-0328 | Command Injection vulnerability in IBM Security Guardium Database Activity Monitor: IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | 7.8 |
2016-10-22 | CVE-2016-0326 | Command Injection vulnerability in IBM products: IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | 8.8 |