Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-02-26 CVE-2016-1297 OS Command Injection vulnerability in Cisco Application Control Engine Software
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
network
low complexity
cisco CWE-78
8.8
2016-02-19 CVE-2015-7769 OS Command Injection vulnerability in Basercms
baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
basercms CWE-78
6.3
2016-02-18 CVE-2015-8151 OS Command Injection vulnerability in Symantec Encryption Management Server 3.3.2
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.
network
low complexity
symantec CWE-78
critical
9.1
2016-02-15 CVE-2015-4956 OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager 7.1.0
The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.
network
low complexity
ibm CWE-78
7.4
2016-02-12 CVE-2016-1320 OS Command Injection vulnerability in Cisco Prime Collaboration 11.0.0/9.0.0/9.0.5
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.
local
low complexity
cisco CWE-78
6.7
2016-01-30 CVE-2016-1141 OS Command Injection vulnerability in Kddi Home Spot Cube Firmware 2.0
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
kddi CWE-78
4.7
2016-01-22 CVE-2015-6435 OS Command Injection vulnerability in Cisco products
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
network
low complexity
cisco CWE-78
critical
9.8
2016-01-16 CVE-2016-1142 OS Command Injection vulnerability in Seeds Acmailer
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors.
network
low complexity
seeds CWE-78
critical
9.1
2016-01-08 CVE-2015-8557 OS Command Injection vulnerability in multiple products
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
network
high complexity
canonical pygments CWE-78
critical
9.0
2016-01-02 CVE-2015-7426 OS Command Injection vulnerability in IBM products
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
network
low complexity
ibm CWE-78
critical
10.0