Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-12-11 CVE-2016-6631 OS Command Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-78
7.5
2016-11-30 CVE-2016-2876 OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.
network
high complexity
ibm CWE-78
7.5
2016-11-25 CVE-2016-3028 OS Command Injection vulnerability in IBM products
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
network
low complexity
ibm CWE-78
critical
9.1
2016-11-24 CVE-2016-0325 OS Command Injection vulnerability in IBM Rational Team Concert
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request.
network
low complexity
ibm CWE-78
6.3
2016-11-19 CVE-2016-6459 OS Command Injection vulnerability in Cisco Telepresence TC Software
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection.
local
low complexity
cisco CWE-78
5.5
2016-10-10 CVE-2016-1000216 OS Command Injection vulnerability in Ruckus Wireless H500
Ruckus Wireless H500 web management interface authenticated command injection
network
low complexity
ruckus CWE-78
8.8
2016-09-22 CVE-2016-6414 OS Command Injection vulnerability in Cisco IOS 15.6(1)T1
iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223.
local
low complexity
cisco CWE-78
7.8
2016-09-22 CVE-2016-6373 OS Command Injection vulnerability in Cisco Cloud Services Platform 2100 2.0.0Base
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541.
network
low complexity
cisco CWE-78
7.2
2016-09-21 CVE-2016-4965 OS Command Injection vulnerability in Fortinet Fortiwan
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php.
network
low complexity
fortinet CWE-78
8.8
2016-09-17 CVE-2016-1482 OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.
network
high complexity
cisco CWE-78
8.1