Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-17 | CVE-2014-8517 | Command Injection vulnerability in multiple products The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | 7.5 |
| 2014-08-26 | CVE-2014-3524 | Command Injection vulnerability in multiple products Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | 9.3 |
| 2014-06-22 | CVE-2014-4336 | Command Injection vulnerability in Linuxfoundation Cups-Filters The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. | 5.8 |
| 2013-09-25 | CVE-2012-4086 | Command Injection vulnerability in Cisco Unified Computing System A setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20790. | 5.1 |
| 2010-07-13 | CVE-2010-2008 | Command Injection vulnerability in multiple products MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . | 3.5 |
| 2005-09-02 | CVE-2005-2793 | Command Injection vulnerability in PHPldapadmin Project PHPldapadmin 0.9.6/0.9.7 PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. | 7.5 |