Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-04 | CVE-2015-2011 | Command Injection vulnerability in IBM QRadar Security Information and Event Manager: The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | 9.0 |
2015-09-28 | CVE-2015-5082 | Command Injection vulnerability in Endian Firewall Endian Firewall: Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | 10.0 |
2015-09-20 | CVE-2015-6547 | Command Injection vulnerability in Symantec Web Gateway: The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | 8.3 |
2015-09-11 | CVE-2015-6912 | Command Injection vulnerability in Synology Video Station: Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. | 10.0 |
2015-08-13 | CVE-2015-5474 | Command Injection vulnerability in multiple products: BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol. | 9.3 |
2015-07-16 | CVE-2015-5080 | Command Injection vulnerability in Citrix products: The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | 9.0 |
2015-07-14 | CVE-2015-1561 | Command Injection vulnerability in Centreon: The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | 6.5 |
2015-07-08 | CVE-2015-5453 | Command Injection vulnerability in Watchguard XCS 10.0/9.2: Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | 6.5 |
2015-07-04 | CVE-2015-4525 | Command Injection vulnerability in EMC Isilon OneFS: The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | 9.0 |
2015-07-03 | CVE-2015-3716 | Command Injection vulnerability in Apple Mac OS X: Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | 4.4 |