Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-17 | CVE-2016-2397 | Command Injection vulnerability in Sonicwall products The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. | 10.0 |
| 2016-02-17 | CVE-2016-2396 | Command Injection vulnerability in Sonicwall products The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | 9.9 |
| 2016-02-05 | CVE-2016-0861 | Command Injection vulnerability in GE UPS Snmp web Adapter Firmware General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | 9.0 |
| 2016-01-08 | CVE-2015-7541 | Command Injection vulnerability in Colorscore Project Colorscore 0.0.4 The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable. | 10.0 |
| 2016-01-03 | CVE-2015-5003 | Command Injection vulnerability in IBM Tivoli Monitoring 6.2.2/6.2.3/6.3.0 The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input. | 8.5 |
| 2015-11-03 | CVE-2015-6613 | Command Injection vulnerability in Google Android Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | 5.1 |
| 2015-10-26 | CVE-2015-5011 | Command Injection vulnerability in IBM Integration BUS and Websphere Message Broker IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access restrictions, and start or stop a service, by issuing a command. | 3.2 |
| 2015-10-26 | CVE-2015-4974 | Command Injection vulnerability in IBM General Parallel File System and Spectrum Scale IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via unspecified vectors. | 7.2 |
| 2015-10-15 | CVE-2015-7839 | Command Injection vulnerability in Solarwinds LOG and Event Manager SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality. | 7.5 |
| 2015-10-04 | CVE-2015-4930 | Command Injection vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. | 9.0 |