Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-04-06 CVE-2017-6884 OS Command Injection vulnerability in Zyxel Emg2926 Firmware V1.00(Aaqt.4)B8
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8.
network
low complexity
zyxel CWE-78
8.8
2017-04-05 CVE-2016-9091 OS Command Injection vulnerability in Bluecoat products
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability.
network
low complexity
bluecoat CWE-78
7.2
2017-04-04 CVE-2017-7414 OS Command Injection vulnerability in Horde Groupware
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference.
network
high complexity
horde CWE-78
7.5
2017-04-04 CVE-2017-7413 OS Command Injection vulnerability in Horde Groupware
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
network
low complexity
horde CWE-78
8.8
2017-03-30 CVE-2017-6182 OS Command Injection vulnerability in Sophos web Appliance
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
network
low complexity
sophos CWE-78
critical
9.8
2017-03-27 CVE-2017-5330 OS Command Injection vulnerability in multiple products
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
local
low complexity
fedoraproject kde CWE-78
7.8
2017-03-24 CVE-2017-6087 OS Command Injection vulnerability in Eonweb Project Eonweb
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php.
network
low complexity
eonweb-project CWE-78
8.8
2017-03-23 CVE-2017-6361 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
9.8
2017-03-23 CVE-2017-6360 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
network
low complexity
qnap CWE-78
critical
9.8
2017-03-23 CVE-2017-6359 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
9.8