Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-17 | CVE-2017-1000215 | OS Command Injection vulnerability in Xrootd 4.6.0: ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution | 9.8 |
2017-11-17 | CVE-2017-1000203 | OS Command Injection vulnerability in Cern Root: ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution | 8.8 |
2017-11-17 | CVE-2017-1000235 | OS Command Injection vulnerability in I-Librarian I Librarian: I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php, resulting in the web server being fully compromised. | 9.8 |
2017-11-17 | CVE-2017-1000220 | OS Command Injection vulnerability in Pidusage Project Pidusage: soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution | 9.8 |
2017-11-17 | CVE-2017-1000219 | OS Command Injection vulnerability in Windows-Cpu Project Windows-Cpu 0.1.1/0.1.2: npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user | 9.8 |
2017-11-16 | CVE-2017-12305 | OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware: A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. | 6.7 |
2017-11-14 | CVE-2017-12636 | OS Command Injection vulnerability in Apache Couchdb: CouchDB administrative users can configure the database server via HTTP(S). | 7.2 |
2017-11-13 | CVE-2017-1453 | OS Command Injection vulnerability in IBM Security Access Manager 9.0 Firmware 9.0.3.0: IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
2017-11-08 | CVE-2017-16667 | OS Command Injection vulnerability in Backintime Project Backintime: backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. | 7.8 |
2017-11-07 | CVE-2017-16641 | OS Command Injection vulnerability in Cacti 1.1.27: lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | 7.2 |