Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2015-10-26 | CVE-2015-5011 | Command Injection vulnerability in IBM Integration Bus and WebSphere Message Broker | IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | 3.2 |
2015-10-26 | CVE-2015-4974 | Command Injection vulnerability in IBM General Parallel File System and Spectrum Scale | IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | 7.2 |
2015-10-15 | CVE-2015-7839 | Command Injection vulnerability in SolarWinds Log and Event Manager | SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. | 7.5 |
2015-10-04 | CVE-2015-4930 | Command Injection vulnerability in IBM QRadar Security Information and Event Manager | IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | 9.0 |
2015-10-04 | CVE-2015-2011 | Command Injection vulnerability in IBM QRadar Security Information and Event Manager | The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | 9.0 |
2015-09-28 | CVE-2015-5082 | Command Injection vulnerability in Endian Firewall | Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | 10.0 |
2015-09-20 | CVE-2015-6547 | Command Injection vulnerability in Symantec Web Gateway | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | 8.3 |
2015-09-11 | CVE-2015-6912 | Command Injection vulnerability in Synology Video Station | Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. | 10.0 |
2015-08-13 | CVE-2015-5474 | Command Injection vulnerability in multiple products | BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. | 9.3 |
2015-07-16 | CVE-2015-5080 | Command Injection vulnerability in Citrix products | The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | 9.0 |