Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-09-02 CVE-2016-4853 OS Command Injection vulnerability in Akabei Soft2 Happy Wardrobe
AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.
local
low complexity
akabei-soft2 CWE-78
7.8
2016-08-31 CVE-2016-5679 OS Command Injection vulnerability in multiple products
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
network
low complexity
nuuo netgear CWE-78
8.8
2016-08-08 CVE-2016-1468 OS Command Injection vulnerability in Cisco Telepresence Video Communication Server X8.5.2
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531.
network
low complexity
cisco CWE-78
8.8
2016-08-08 CVE-2015-6396 OS Command Injection vulnerability in Cisco products
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567.
local
low complexity
cisco CWE-78
7.8
2016-08-05 CVE-2016-6147 OS Command Injection vulnerability in SAP Trex 7.10
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.
network
low complexity
sap CWE-78
critical
9.8
2016-06-07 CVE-2015-7611 OS Command Injection vulnerability in Apache James Server 2.3.2
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
network
high complexity
apache CWE-78
8.1
2016-05-16 CVE-2015-4642 OS Command Injection vulnerability in PHP
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
network
low complexity
php CWE-78
critical
9.8
2016-04-16 CVE-2016-1339 OS Command Injection vulnerability in Cisco Unified Computing System Platform Emulator 2.5(2)Ts4/3.0(2C)A/3.0(2C)Ts9
Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted arguments on a ucspe-copy command line, aka Bug ID CSCux68832.
local
low complexity
cisco CWE-78
7.8
2016-04-14 CVE-2016-1352 OS Command Injection vulnerability in Cisco Unified Computing System Central Software 1.3(0.1)
Cisco Unified Computing System (UCS) Central Software 1.3(1b) and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856.
network
low complexity
cisco CWE-78
critical
9.8
2016-04-12 CVE-2016-3655 OS Command Injection vulnerability in Paloaltonetworks Pan-Os
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
network
low complexity
paloaltonetworks CWE-78
critical
9.8