Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-08 | CVE-2013-2810 | Command Injection vulnerability in Emerson products Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. | 10.0 |
2014-12-05 | CVE-2014-8990 | Command Injection vulnerability in multiple products default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
2014-12-05 | CVE-2014-9144 | Command Injection vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | 7.5 |
2014-12-03 | CVE-2013-7416 | Command Injection vulnerability in Canto Curses 0.8.4/0.9.0 canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | 7.5 |
2014-11-17 | CVE-2014-8517 | Command Injection vulnerability in multiple products The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 7.5 |
2014-08-26 | CVE-2014-3524 | Command Injection vulnerability in multiple products Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | 9.3 |
2014-06-22 | CVE-2014-4336 | Command Injection vulnerability in Linuxfoundation Cups-Filters The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. | 5.8 |
2013-09-25 | CVE-2012-4086 | Command Injection vulnerability in Cisco Unified Computing System A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | 5.1 |
2010-07-13 | CVE-2010-2008 | Command Injection vulnerability in multiple products MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . | 3.5 |
2005-09-02 | CVE-2005-2793 | Command Injection vulnerability in PHPldapadmin Project PHPldapadmin 0.9.6/0.9.7 PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. | 7.5 |