Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-03-23 CVE-2017-6361 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
9.8
2017-03-23 CVE-2017-6360 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
network
low complexity
qnap CWE-78
critical
9.8
2017-03-23 CVE-2017-6359 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
9.8
2017-03-22 CVE-2017-6970 OS Command Injection vulnerability in multiple products
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
local
low complexity
alienvault nfsen CWE-78
8.4
2017-03-06 CVE-2017-6334 OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware 10.0.0.50
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
network
low complexity
netgear CWE-78
8.8
2017-02-22 CVE-2017-6077 OS Command Injection vulnerability in Netgear Dgn2200 Firmware
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
network
low complexity
netgear CWE-78
critical
9.8
2017-02-03 CVE-2017-3806 OS Command Injection vulnerability in Cisco Firepower Threat Defense
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device.
local
low complexity
cisco CWE-78
5.3
2017-02-01 CVE-2016-6065 OS Command Injection vulnerability in IBM Security Guardium
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
local
low complexity
ibm CWE-78
7.8
2017-01-31 CVE-2016-10043 OS Command Injection vulnerability in MRF web Panel 9.0.1
An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1.
network
low complexity
mrf CWE-78
critical
10.0
2017-01-26 CVE-2017-3796 OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts.
network
low complexity
cisco CWE-78
7.2