Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-07-03 | CVE-2015-3678 | Command Injection vulnerability in Apple mac OS X AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. | 7.2 |
| 2015-06-30 | CVE-2015-1986 | Command Injection vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | 10.0 |
| 2015-06-30 | CVE-2015-1949 | Command Injection vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | 10.0 |
| 2015-06-30 | CVE-2015-1938 | Command Injection vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. | 10.0 |
| 2015-06-17 | CVE-2015-4336 | Command Injection vulnerability in Xcloner 3.1.2 cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file. | 6.5 |
| 2015-05-19 | CVE-2015-3408 | Command Injection vulnerability in multiple products Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. | 10.0 |
| 2015-05-07 | CVE-2015-0538 | Command Injection vulnerability in EMC Autostart 5.5.0 ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | 9.3 |
| 2015-04-13 | CVE-2015-2846 | Command Injection vulnerability in Bittorrent Sync BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | 9.3 |
| 2015-03-26 | CVE-2015-2746 | Command Injection vulnerability in Websense Triton and V-Series Appliances The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | 6.5 |
| 2015-03-24 | CVE-2015-2265 | Command Injection vulnerability in multiple products The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. | 7.5 |