Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-12-29 | CVE-2014-1905 | Command Injection vulnerability in VideoWhisper Live Streaming Integration | Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | 10.0 |
2014-12-28 | CVE-2013-4663 | Command Injection vulnerability in Redmine GIT Hosting Plugin | git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. | 7.5 |
2014-12-19 | CVE-2014-7208 | Command Injection vulnerability in GParted | GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | 7.2 |
2014-12-17 | CVE-2014-7285 | Command Injection vulnerability in Symantec Web Gateway | The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. | 6.5 |
2014-12-15 | CVE-2014-6260 | Command Injection vulnerability in Zenoss Core | Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. | 6.8 |
2014-12-12 | CVE-2014-8515 | Command Injection vulnerability in BitTorrent | The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | 6.8 |
2014-12-08 | CVE-2013-2810 | Command Injection vulnerability in Emerson products | Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. | 10.0 |
2014-12-05 | CVE-2014-8990 | Command Injection vulnerability in multiple products | default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
2014-12-05 | CVE-2014-9144 | Command Injection vulnerability in Technicolor TD5130 Router Firmware 2.05.C29GV | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | 7.5 |
2014-12-03 | CVE-2013-7416 | Command Injection vulnerability in Canto Curses 0.8.4/0.9.0 | canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | 7.5 |