Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-12 | CVE-2015-2208 | Command Injection vulnerability in Avinu PHPmoadmin 1.1.2: The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | 7.5 |
2015-03-04 | CVE-2015-0934 | Command Injection vulnerability in Sharelatex 0.1.2: Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | 6.5 |
2015-02-28 | CVE-2014-9682 | Command Injection vulnerability in Dns-Sync Project Dns-Sync 0.1.0: The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | 10.0 |
2015-02-23 | CVE-2015-2051 | Command Injection vulnerability in Dlink Dir-645 Firmware 1.03/1.04/1.04B11: The D-Link DIR-645 Wired/Wireless Router Rev. | 9.8 |
2015-02-01 | CVE-2014-8630 | Command Injection vulnerability in multiple products: Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. | 6.5 |
2015-01-21 | CVE-2014-9622 | Command Injection vulnerability in Gentoo Xdg-Utils 1.1.0: Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | 6.8 |
2015-01-06 | CVE-2014-7209 | Command Injection vulnerability in Debian Mime-Support: run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
2015-01-04 | CVE-2014-9277 | Command Injection vulnerability in Mediawiki: The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing `<cross-domain-policy>` in a PHP format request, which causes the string length to change when converting the request to `<NOT-cross-domain-policy>`. | 7.5 |
2015-01-02 | CVE-2013-7418 | Command Injection vulnerability in Ipcop 2.1.2/2.1.4: cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. | 6.5 |
2014-12-29 | CVE-2014-3556 | Command Injection vulnerability in F5 Nginx: The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |